Network – Cisco router – Router IPsec VPN

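! IKE phase 1 (ISAKMP) policy: AES-256, pre-shared key, DH group 5
crypto isakmp policy 1
 encr aes 256
 authentication pre-share
 group 5
! Pre-shared key used with the remote peer
crypto isakmp key hello address (Peer-IP-Address)
!
!
! IPsec phase 2 transform set: AH with SHA HMAC plus ESP with AES-256
crypto ipsec transform-set my-trans ah-sha-hmac esp-aes 256
!
! Crypto map: ties the peer, the transform set and the traffic ACL together
crypto map my-map 1 ipsec-isakmp
 set peer (Peer-IP-Address)
 set transform-set my-trans
 match address 120
!
!
! Traffic to protect with the tunnel
access-list 120 permit ip host (Your-IP) host (Their-IP)
!
!
! Apply the crypto map to the interface
interface FastEthernet0/0
 crypto map my-map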

To test IKE phase 1:

R3#sh crypto isakmp sa
dst             src             state          conn-id slot status
192.168.2.2     192.168.2.1     QM_IDLE              3    0 ACTIVE

To test IPsec phase 2:

R3#sh crypto ipsec sa

interface: FastEthernet0/0
Crypto map tag: my-map, local addr 192.168.2.1

protected vrf: (none)
local ident (addr/mask/prot/port): (4.4.4.4/255.255.255.255/0/0)
remote ident (addr/mask/prot/port): (2.2.2.2/255.255.255.255/0/0)
current_peer 192.168.2.2 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 262, #pkts encrypt: 262, #pkts digest: 262
#pkts decaps: 263, #pkts decrypt: 263, #pkts verify: 263
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 1, #recv errors 0

local crypto endpt.: 192.168.2.1, remote crypto endpt.: 192.168.2.2
path mtu 1500, ip mtu 1500, ip mtu idb FastEthernet0/0
current outbound spi: 0x9466F4F6(2489775350)

inbound esp sas:
spi: 0x1D7ABCEC(494583020)
transform: esp-3des esp-md5-hmac ,

The important part to look at is the packet encryption and decryption counters. If these counts go up, the tunnel is encrypting traffic.
#pkts encaps: 262, #pkts encrypt: 262, #pkts digest: 262
#pkts decaps: 263, #pkts decrypt: 263, #pkts verify: 263
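
The counter check described above can be scripted by comparing two captures of "sh crypto ipsec sa" taken some time apart. This is an added example, not part of the original post; the function names are hypothetical and the second snapshot is constructed sample data.

```python
import re

# Matches "#pkts encaps: 262" as well as "#send errors 1" (no colon).
COUNTER_RE = re.compile(r"#([A-Za-z. ]+?):?\s+(\d+)")

# First snapshot: counter lines as shown in the output above.
SNAPSHOT_1 = """\
#pkts encaps: 262, #pkts encrypt: 262, #pkts digest: 262
#pkts decaps: 263, #pkts decrypt: 263, #pkts verify: 263
#send errors 1, #recv errors 0
"""

# Second snapshot: constructed values, as if taken after sending more traffic.
SNAPSHOT_2 = """\
#pkts encaps: 300, #pkts encrypt: 300, #pkts digest: 300
#pkts decaps: 263, #pkts decrypt: 263, #pkts verify: 263
#send errors 1, #recv errors 0
"""


def parse_counters(text):
    """Return {name: value} for the counters of the first SA in the output."""
    counters = {}
    for line in text.splitlines():
        if line.strip().startswith("#"):
            for name, value in COUNTER_RE.findall(line):
                counters.setdefault(name.strip(), int(value))
    return counters


def tunnel_health(before, after):
    """Compare two snapshots of 'sh crypto ipsec sa' taken some time apart."""
    b, a = parse_counters(before), parse_counters(after)
    delta = {name: a[name] - b.get(name, 0) for name in a}
    return {
        # A negative delta means the counters restarted between snapshots.
        "counters_reset": any(d < 0 for d in delta.values()),
        "encrypting": delta.get("pkts encrypt", 0) > 0,
        "decrypting": delta.get("pkts decrypt", 0) > 0,
        "new_send_errors": max(delta.get("send errors", 0), 0),
        "new_recv_errors": max(delta.get("recv errors", 0), 0),
    }


if __name__ == "__main__":
    # Outbound count rises but inbound does not: traffic is being encrypted
    # in one direction only, and nothing protected is coming back.
    print(tunnel_health(SNAPSHOT_1, SNAPSHOT_2))
```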
