Phase 1 with ipsec

HUB

HUB(config)#crypto isakmp key IDN_MANTAB address 23.23.23.1

HUB(config)#crypto isakmp key IDN_MANTAB address 24.24.24.1

Spoke-1, Spoke-2

Spoke-1,Spoke-2(config)#crypto isakmp key IDN_MANTAB address 12.12.12.1

HUB

HUB(config)#crypto ipsec transform-set IDN_TRANSFORM esp-aes esp-sha

hmac

HUB(cfg-crypto-trans)#mode transport

HUB(cfg-crypto-trans)#exit

HUB(config)#crypto ipsec profile IDN_PROFILE

HUB(ipsec-profile)#set transform-set IDN_TRANSFORM

Spoke-1

Spoke-1(config)#crypto ipsec transform-set IDN_TRANSFORM esp-aes esp-sha-hmac

Spoke-1(cfg-crypto-trans)#mode transport

Spoke-1(cfg-crypto-trans)#exit

Spoke-1(config)#crypto ipsec profile IDN_PROFILE

Spoke-1(ipsec-profile)#set transform-set IDN_TRANSFORM

Spoke-2

Spoke-2(config)#crypto ipsec transform-set IDN_TRANSFORM esp-aes esp-sha-hmac

Spoke-2(cfg-crypto-trans)#mode transport

Spoke-2(cfg-crypto-trans)#exit

Spoke-2(config)#crypto ipsec profile IDN_PROFILE

Spoke-2(ipsec-profile)#set transform-set IDN_TRANSFORM

Hub, Spoke1 dan Spoke2

Hub,Spoke1,Spoke2(config)#int tun0

Hub,Spoke1,Spoke2(config-if)#tunnel protect ipsec profile IDN_PROFILE

Setelah setting ip-secdi interface tunnel, selanjutnya kita akan verfiksi ip-sec nya.

HUB

HUB#show crypto isakmp sa IPv4 Crypto ISAKMP SA

dst src state conn-id status

23.23.23.1................12.12.12.1 QM_IDLE 1003 ACTIVE

12.12.12.1 24.24.24.1 QM_IDLE 1002 ACTIVE

12.12.12.1 23.23.23.1 QM_IDLE 1001 ACTIVE

24.24.24.1 12.12.12.1 QM_IDLE 1004 ACTIVE

IPv6 Crypto ISAKMP SA

Verifikasi,.

Spoke-1

Spoke-1#show crypto isakmp sa IPv4 Crypto ISAKMP SA

dst src state conn-id status

12.12.12.1 23.23.23.1 QM_IDLE 1001 ACTIVE

23.23.23.1 12.12.12.1 QM_IDLE 1002 ACTIVE

IPv6 Crypto ISAKMP SA

Spoke-2

Spoke-2#show crypto isakmp sa IPv4 Crypto ISAKMP SA

dst src state conn-id status

12.12.12.1 24.24.24.1 QM_IDLE 1001 ACTIVE

24.24.24.1 12.12.12.1 QM_IDLE 1002 ACTIVE

IPv6 Crypto ISAKMP SA