CCSP SECUR Exam Cram 2 (642-501)

The most important part of any IPSec implementation comes in the planning stage. Define all parameters and policies on paper first: identify the IPSec gateways, choose the Phase 1 and Phase 2 parameters to use, define what is interesting traffic, and decide which interfaces IPSec will be applied to.

The goal is to minimize misconfiguration when you enter the actual implementation commands on your router.

A typical security policy would identify items such as those in Table 8.1.

Table 8.1. IPSec Peer Policies

Policy               R1 Configuration    R2 Configuration
-------------------  ------------------  ------------------
Protected networks   30.1.1.0/24         30.2.2.0/24
Transport used       TCP                 TCP
IPSec policy         ESP-DES, AH-MD5     ESP-DES, AH-MD5
IPSec interface      S0/0                S0/0
Peer hostname        R2                  R1
DH authentication    Preshared           Preshared
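
The planning sheet in Table 8.1 can be checked before any command is typed. The following is an added example, not code from the book: it confirms that the two peers' planned policies agree and derives the mirrored interesting-traffic ACL line for each router. The names PLAN, check_plan, crypto_acl and wildcard, and the ACL number 101, are assumptions made for illustration.

```python
import ipaddress

# Planning sheet transcribed from Table 8.1; transform names are plan labels,
# not IOS keywords.
PLAN = {
    "R1": {"protected": "30.1.1.0/24", "transport": "tcp",
           "transforms": {"esp-des", "ah-md5"}, "interface": "S0/0",
           "peer": "R2", "auth": "preshared"},
    "R2": {"protected": "30.2.2.0/24", "transport": "tcp",
           "transforms": {"esp-des", "ah-md5"}, "interface": "S0/0",
           "peer": "R1", "auth": "preshared"},
}


def wildcard(cidr):
    """Return (network address, IOS wildcard mask) for a CIDR prefix."""
    net = ipaddress.ip_network(cidr)  # strict: raises if host bits are set
    return str(net.network_address), str(net.hostmask)


def check_plan(plan):
    """Return a list of mismatches between the peers' planned policies."""
    problems = []
    for name, pol in plan.items():
        peer = plan.get(pol["peer"])
        if peer is None or peer["peer"] != name:
            problems.append(f"{name}: peer {pol['peer']} does not point back")
            continue
        for key in ("transport", "transforms", "auth"):
            if pol[key] != peer[key]:
                problems.append(f"{name}: {key} differs from {pol['peer']}")
        a, b = (ipaddress.ip_network(p["protected"]) for p in (pol, peer))
        if a.overlaps(b):
            problems.append(f"{name}: protected network overlaps {pol['peer']}")
    return problems


def crypto_acl(plan, name, acl=101):  # 101: assumed extended ACL number
    """Build the interesting-traffic ACL line for one router (local to remote)."""
    pol = plan[name]
    src, src_wc = wildcard(pol["protected"])
    dst, dst_wc = wildcard(plan[pol["peer"]]["protected"])
    return (f"access-list {acl} permit {pol['transport']} "
            f"{src} {src_wc} {dst} {dst_wc}")


if __name__ == "__main__":
    print(check_plan(PLAN) or "plan is consistent")
    print(*(crypto_acl(PLAN, r) for r in PLAN), sep="\n")
```

The two generated ACL lines are mirror images of each other, which is the property to verify on paper before configuring either gateway.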
