08-19-2018 08:25 AM - edited 02-21-2020 09:26 PM
Hi Cisco experts!
So I have just learned about IPsec VPN. I have learned and thankfully understand this configuration (from YouTube):
crypto isakmp policy 10
 encryption aes 256
 authentication pre-share
 group 5
!
crypto isakmp key secretkey address 209.165.100.1
!
crypto ipsec transform-set R3-R1 esp-aes 256 esp-sha-hmac
!
crypto map IPSEC-MAP 10 ipsec-isakmp
 set peer 209.165.100.1
 set pfs group5
 set security-association lifetime seconds 86400
 set transform-set R3-R1
 match address 100
!
interface GigabitEthernet0/0
 crypto map IPSEC-MAP
!
access-list 100 permit ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255
But when I look at my company's VPN configuration I'm a little bit confused. By the way, I have changed the IP addresses and all sensitive content from my company configuration. My company VPN config:
crypto isakmp policy 10
 encr aes 256
 authentication pre-share
 group 2
crypto isakmp key BD address 172.149.254.251
crypto isakmp key BD address 172.149.254.254
crypto isakmp key BD address 172.150.254.251
crypto isakmp key BD address 172.150.254.254
!
!
!
!
crypto gdoi group BankGDOI
 identity number 12345
 server address ipv4 172.149.254.251
 server address ipv4 172.149.254.254
 server address ipv4 172.150.254.251
 server address ipv4 172.150.254.254
 passive
!
!
crypto map BankMAP local-address GigabitEthernet0/0
crypto map BankMAP 1 gdoi
 set group BankGDOI
 match address GETVPN-ACL
!
!
My questions are:
crypto gdoi group BankGDOI
 identity number 12345
 server address ipv4 172.149.254.251
 server address ipv4 172.149.254.254
 server address ipv4 172.150.254.251
 server address ipv4 172.150.254.254
 passive
crypto map IPSEC-MAP 10 ipsec-isakmp
But I lost it when it becomes (from my company):
crypto map BankMAP local-address GigabitEthernet0/0
crypto map BankMAP 1 gdoi
 set group BankGDOI
08-19-2018 10:17 AM
Hi,
The example you have from YouTube is a standard crypto map, but your company is using another type of VPN called GETVPN. More information here.
GETVPN is still an IPSec VPN; it uses GDOI to distribute IPSec keys to a group of VPN peers (as per the BankGDOI group configuration in your example). This group is referenced in your example under the command "crypto map BankMAP 1 gdoi".
HTH
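An added example, not part of the original posts: a small Python audit that classifies each crypto map entry as a standard `ipsec-isakmp` entry or a GETVPN `gdoi` entry and lists the IKE peers it depends on. For a `gdoi` entry those peers are the key servers of the referenced group, because a group member registers with its key servers over an IKE phase 1 session, which is why the `crypto isakmp key` lines in the company config point at the same addresses as the `server address` lines. The function name `audit` and the sample `CONFIG` are assumptions made for illustration.

```python
import re

# Constructed sample: the tutorial map and the GETVPN map from the thread, merged,
# with the isakmp key for the third key server deliberately left out.
CONFIG = """\
crypto isakmp key secretkey address 209.165.100.1
crypto isakmp key BD address 172.149.254.251
crypto isakmp key BD address 172.149.254.254
crypto gdoi group BankGDOI
 identity number 12345
 server address ipv4 172.149.254.251
 server address ipv4 172.149.254.254
 server address ipv4 172.150.254.251
crypto map IPSEC-MAP 10 ipsec-isakmp
 set peer 209.165.100.1
 set transform-set R3-R1
crypto map BankMAP 1 gdoi
 set group BankGDOI
 match address GETVPN-ACL
"""

def audit(config):
    """Classify crypto map entries and list the IKE peers each one depends on."""
    psk, groups, entries, cur = set(), {}, [], []
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if raw[0].isspace():          # indented: sub-command of the current block
            cur.append(line.split())
            continue
        cur = []                      # untracked blocks collect into a throwaway list
        if m := re.match(r"crypto isakmp key \S+ address (\S+)", line):
            psk.add(m[1])
        elif m := re.match(r"crypto gdoi group (\S+)$", line):
            groups[m[1]] = cur
        elif m := re.match(r"crypto map (\S+) (\d+) (ipsec-isakmp|gdoi)$", line):
            entries.append((m[1], int(m[2]), m[3], cur))
    report = []
    for name, seq, kind, sub in entries:
        if kind == "gdoi":            # peers are the key servers of the referenced group
            group = next((w[2] for w in sub if w[:2] == ["set", "group"] and len(w) > 2), None)
            peers = [w[-1] for w in groups.get(group, []) if w[:2] == ["server", "address"]]
        else:                         # peers are named directly with "set peer"
            peers = [w[2] for w in sub if w[:2] == ["set", "peer"] and len(w) > 2]
        report.append({"map": name, "seq": seq, "type": kind, "peers": peers,
                       "no_psk": [p for p in peers if p not in psk]})
    return report
```

On the sample, the `gdoi` entry resolves to three key servers and reports the one without a matching pre-shared key in `no_psk`; registration with that server would fail IKE authentication.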
08-19-2018 07:37 PM
Thanks a lot, sir! Another piece of VPN knowledge that I have to master!