IKEv2 For Site to Site VPN

saini.bhupesh · November 21, 2018, 12:35am

Hi Rene,

Can you help me these configs

crypto ikev2 proposal AMT_Proposal 
 encryption aes-cbc-256
 integrity sha512
 group 14
!
!
crypto ikev2 keyring AMT-DMVPN-KEY
 peer ANY
  address 0.0.0.0 0.0.0.0
  pre-shared-key 3m"b+_hg'skz"K"C
 !
!
!
crypto ikev2 profile AMT-INET-Profile
 match fvrf internet
 match identity remote address 0.0.0.0 
 authentication local pre-share
 authentication remote pre-share
 keyring local AMT-DMVPN-KEY
!
crypto ikev2 dpd 40 5 on-demand
!
crypto ipsec security-association replay window-size 512
!
crypto ipsec transform-set AMT-TRANS-SET esp-aes 256 esp-sha-hmac 
 mode transport
!         
crypto ipsec profile AMT-DMVPN-PROFILE
 set transform-set AMT-TRANS-SET 
 set ikev2-profile AMT-INET-Profile

ReneMolenaar · November 26, 2018, 2:01pm

Hello Bhupesh,

What is your question about this config?

Rene

saini.bhupesh · November 26, 2018, 3:32pm

Hi Rene,

I am not finding any good explanation over this config. I tried to search , but no luck

Thanks,
Bhupesh

ReneMolenaar · November 27, 2018, 9:53am

Hi Bhupesh,

This is IPSec IKEv2 and looking at your keyring (AMT-DMVPN-KEY) and the peer address, this is used for DMVPN on the Hub router.

In the example above, I use IKEv1 but it should give you an idea.

Rene