ISAKMP/IKE Phase 2 Configuration

Once ISAKMP/IKE Phase 1 completes (negotiates the Phase 1 policies, performs DH, and authenticates the peer), the management connection is established. The management connection is then used to build the two unidirectional data connections during ISAKMP/IKE Phase 2. In its simplest form, there are three components that need to be configured for L2L sessions for ISAKMP/IKE Phase 2:

  • Define the traffic that needs to be protected (crypto ACL).

  • Define how that traffic is to be protected (transform set).

  • Define to whom the traffic should be forwarded (crypto map).
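
The three components above, as a minimal IOS configuration for a static L2L peer. This is an added example, not taken from the book; the ACL number, the names L2L-TSET and L2L-MAP, the interface, and all addresses are assumptions chosen for illustration.

```cisco
! Constructed example: ACL number, names, interface and addresses are assumptions.
! Local LAN 192.168.1.0/24, remote LAN 192.168.2.0/24, remote peer 192.0.2.2.
!
! 1. Crypto ACL: the traffic to protect. "permit" means "protect with IPsec".
!    The remote peer should carry the mirror image of this entry
!    (source and destination swapped) so both sides agree on the proxy identities.
access-list 101 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
!
! 2. Transform set: how the traffic is protected.
!    ESP with AES-256 encryption and an SHA HMAC for integrity, in tunnel mode.
crypto ipsec transform-set L2L-TSET esp-aes 256 esp-sha-hmac
 mode tunnel
!
! 3. Crypto map: to whom the protected traffic is forwarded.
!    The entry ties the crypto ACL and the transform set to a specific peer.
crypto map L2L-MAP 10 ipsec-isakmp
 set peer 192.0.2.2
 set transform-set L2L-TSET
 match address 101
!
! The crypto map takes effect once it is applied to the interface facing the peer.
interface GigabitEthernet0/0
 crypto map L2L-MAP
```

After traffic matching the crypto ACL has been sent, `show crypto map` and `show crypto ipsec sa` show whether the entry is bound to the interface and whether the two unidirectional data SAs have been built.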

If the remote L2L peer acquires its address dynamically, and you want to allow the remote peer to build an L2L session to your router, you’ll have to build ...
