IPsec
- IPsec overview
Internet Protocol security (IPsec) is a suite of protocols that provide secure communication between devices at the network layer (Layer 3) across public and private networks.
- Configuring global parameters for IKEv2
Global Internet Key Exchange version 2 (IKEv2) parameters are configured independently of peer configurations.
- Configuring an IKEv2 proposal
Internet Key Exchange version 2 (IKEv2) proposal configuration sets parameters that are exchanged in the first phase of IKEv2 peer negotiations. After configuration, an IKEv2 proposal must be attached to an IKEv2 policy for use in IKEv2 negotiations.
- Configuring an IKEv2 policy
Internet Key Exchange version 2 (IKEv2) policy configuration specifies the IKEv2 proposal to be used by an IKEv2 policy and sets match parameters for the policy. An IKEv2 policy is used to protect IKEv2 peer negotiations.
- Configuring an IKEv2 authentication proposal
Internet Key Exchange version 2 (IKEv2) authentication proposal configuration sets parameters that are used to authenticate IKEv2 peer devices. After configuration, an IKEv2 authentication proposal must be attached to an IKEv2 profile for use in IKEv2 negotiations.
- Configuring an IKEv2 profile
Internet Key Exchange version 2 (IKEv2) profile configuration sets parameters that are exchanged in the second phase of IKEv2 peer negotiation. An IKEv2 profile specifies match identity criteria and the authentication proposal that is to be applied to an incoming connection. An IKEv2 profile may be used to protect a single VRF or all VRFs.
- Configuring an IPsec proposal
IPsec proposal configuration sets encryption parameters for IPsec. An IPsec proposal is activated by attaching it to an IPsec profile.
- Configuring an IPsec profile
IPsec profile configuration sets parameters used to encrypt data between IPsec peer devices. After configuration, an IPsec profile is activated by attaching it to a virtual tunnel interface (VTI).
- Activating an IPsec profile on a VTI
An IPsec profile is activated by binding it to a virtual tunnel interface (VTI) that is configured as an IPsec VTI.
- Routing traffic over IPsec using static routing
Traffic can be routed over an IPsec tunnel by configuring a static route.
- Routing traffic over an IPsec tunnel using PBR
Traffic can be configured to route over an IPsec tunnel by using policy-based routing (PBR).
- Re-establishing SAs
An IKEv2 SA or IPsec SA is re-established after the SA is cleared. When the SA is cleared, any existing child SAs are also cleared and re-established.
- Disabling traps and syslog messages for IKEv2 and IPsec
You can disable error traps and syslog messages for Internet Key Exchange version 2 (IKEv2) and IPsec. By default, traps and syslog messages for both IKEv2 and IPsec are enabled.
- Displaying IPsec module information
Some show commands can be used to display information about the status of an installed IPsec interface module and about the current utilization of the module.
- Displaying IKEv2 configuration information
Various show commands can be used to display information about IKEv2 configurations.
- Displaying IPsec configuration information
Various show commands can be used to display IPsec configuration information.
- Displaying and clearing statistics for IKEv2 and IPsec
Various commands can be used to display and clear statistical information for IKEv2 and IPsec.
- Configuration example for an IPsec tunnel using default settings (site-to-site VPN)
An IPsec tunnel is configured by binding an IPsec profile to the virtual tunnel interface (VTI) at each end of the IPsec tunnel. When the default settings for the IPsec profile are used, minimal configuration is needed to establish the tunnel.
- Configuration example for a hub-to-spoke VPN using IPsec
IPsec may be used to secure communications in a hub-to-spoke (tunnel stitching) deployment such as a virtual private network (VPN).
- Configuration example for an IPsec tunnel in an IPsec tunnel
Double encryption is provided when an IPsec tunnel is configured in another IPsec tunnel.