Cisco/FlexVPN/flexvpn1.txt

crypto ikev2 keyring KEYR1
peer R2
address 198.51.100.2 
pre-shared-key local Cisco
pre-shared-key remote Cisco


crypto ikev2 profile Profil1
match identity remote address 198.51.100.2 255.255.255.255
authentication local pre-share
authentication remote pre-share
keyring local KEYR1


crypto ikev2 proposal ikeprop1
integrity sha256 sha384 sha512
group 14 15
encryption aes-cbc-128 aes-cbc-256

crypto ikev2 policy ikepol1
proposal ikeprop1

ip access-list extended ACLR2
permit ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255

crypto ipsec transform-set TR1 esp-sha256-hmac esp-aes

crypto map CM1 10 ipsec-isakmp
match address ACLR2
set peer 198.51.100.2
set transform-set TR1
set ikev2-profile Profil1


int g0/1
crypto map CM1
. 2022-03-28 19:53:08 +02:00			`crypto ikev2 keyring KEYR1`
			`peer R2`
			`address 198.51.100.2`
			`pre-shared-key local Cisco`
			`pre-shared-key remote Cisco`


			`crypto ikev2 profile Profil1`
			`match identity remote address 198.51.100.2 255.255.255.255`
			`authentication local pre-share`
			`authentication remote pre-share`
			`keyring local KEYR1`


			`crypto ikev2 proposal ikeprop1`
			`integrity sha256 sha384 sha512`
			`group 14 15`
			`encryption aes-cbc-128 aes-cbc-256`

			`crypto ikev2 policy ikepol1`
			`proposal ikeprop1`

			`ip access-list extended ACLR2`
			`permit ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255`

			`crypto ipsec transform-set TR1 esp-sha256-hmac esp-aes`

			`crypto map CM1 10 ipsec-isakmp`
			`match address ACLR2`
			`set peer 198.51.100.2`
			`set transform-set TR1`
			`set ikev2-profile Profil1`


			`int g0/1`
			`crypto map CM1`