SIMULATION
Answer: See the explanation
Explanation:
Here are the steps as below:
Step 1: configure key ring
crypto ikev2 keyring mykeys
peer SiteB.cisco.com
address 209.161.201.1
pre-shared-key local $iteA
pre-shared key remote $iteB
Step 2: Configure IKEv2 profile
Crypto ikev2 profile default
identity local fqdn SiteA.cisco.com
Match identity remote fqdn SiteB.cisco.com
Authentication local pre-share
Authentication remote pre-share
Keyring local mykeys
Step 3: Create the GRE Tunnel and apply profile
crypto ipsec profile default
set ikev2-profile default
Interface tunnel 0
ip address 10.1.1.1 255.255.255.0
Tunnel source eth 0/0
Tunnel destination 209.165.201.1
tunnel protection ipsec profile default
end
Nothing on the “proposal IKEV2”, why ?
0
0
The answer is not completed ?
0
0
Add :
!
crypto ikev2 proposal default
encryption aes-cbc-128
integrity sha1
group 5
!
0
0
You also need the policy that calls the proposal:
crypto ikev2 proposal proposal-1
encryption aes-cbc-128
integrity sha1
group 5
!
crypto ikev2 policy policy-1
proposal proposal-1
0
0
I dont think you would need to add the policy if you modify the default proposal. The default policy would call the default proposal and everything should work….correct me if i am wrong please.
0
0