From: Dustin.Yates@xxxxxxxxxxxx
Date: Thu Apr 18 2002 - 14:19:06 GMT-3
I'm working an IPSec series of labs that does have the solution for this
task. I put it on my lab routers, but I'm not sure if it's correct. Any
concerns with what I've proposed as a solution?
Requirement:
Provide for authentication of BGP peering session between R1 (1.1.1.1) and
R2 (2.2.2.2) without encrypting the session. Also, establish a new security
association every 15 minutes.
My Solution:

on r1:

crypto isakmp policy 10
 auth pre-share
crypto isakmp key bgp-auth address 2.2.2.2
crypto ipsec transform-set bgp ah-md5-hmac
crypto map bgp 10 ipsec-isakmp
 set peer 2.2.2.2
 set transform-set bgp
 set security-association lifetime seconds 900
 match address 100
int serial 0
 crypto map bgp
access-list 100 permit tcp host 1.1.1.1 host 2.2.2.2 eq bgp

on r2:

crypto isakmp policy 10
 auth pre-share
crypto isakmp key bgp-auth address 1.1.1.1
crypto ipsec transform-set bgp ah-md5-hmac
crypto map bgp 10 ipsec-isakmp
 set peer 1.1.1.1
 set transform-set bgp
 set security-association lifetime seconds 900
 match address 100
int serial 0
 crypto map bgp
access-list 100 permit tcp host 2.2.2.2 host 1.1.1.1 eq bgp

TIA! dy
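
Cisco IPsec peers are normally configured with crypto access lists that are mirror images of each other, so both ends agree on which traffic the security association covers. The following is an added example, not part of the original post: it parses the two ACL 100 entries from the message and checks that property. The function names are made up for illustration, and the parser handles only the "host A [eq port] host B [eq port]" form used here.

```python
import re

# Constructed input: the two crypto ACL entries copied from the post above.
R1_ACL = "access-list 100 permit tcp host 1.1.1.1 host 2.2.2.2 eq bgp"
R2_ACL = "access-list 100 permit tcp host 2.2.2.2 host 1.1.1.1 eq bgp"

# Assumption: only single-host entries with an optional "eq <port>" per side.
ACE = re.compile(
    r"access-list\s+(?P<num>\d+)\s+(?P<action>permit|deny)\s+(?P<proto>\S+)\s+"
    r"host\s+(?P<src>\S+)(?:\s+eq\s+(?P<sport>\S+))?\s+"
    r"host\s+(?P<dst>\S+)(?:\s+eq\s+(?P<dport>\S+))?\s*$"
)

def parse_ace(line):
    """Parse one extended ACL entry into its fields (hypothetical helper)."""
    m = ACE.match(line.strip())
    if not m:
        raise ValueError(f"unsupported ACL entry: {line!r}")
    return m.groupdict()

def mirror(ace):
    """Swap source and destination, addresses and ports alike."""
    return dict(ace, src=ace["dst"], sport=ace["dport"],
                dst=ace["src"], dport=ace["sport"])

def render(ace):
    """Turn parsed fields back into an access-list line."""
    def side(addr, port):
        return f"host {addr}" + (f" eq {port}" if port else "")
    return (f"access-list {ace['num']} {ace['action']} {ace['proto']} "
            f"{side(ace['src'], ace['sport'])} {side(ace['dst'], ace['dport'])}")

def check_mirror(local_line, peer_line):
    """Return (is_mirror, entry the peer would need to mirror local_line)."""
    local, peer = parse_ace(local_line), parse_ace(peer_line)
    expected = mirror(local)
    keys = ("action", "proto", "src", "sport", "dst", "dport")
    return all(expected[k] == peer[k] for k in keys), render(expected)

if __name__ == "__main__":
    ok, expected = check_mirror(R1_ACL, R2_ACL)
    print("R2 mirrors R1:", ok)
    print("entry that mirrors R1:", expected)
```

Both posted entries match on destination port bgp, so neither is the other's mirror: the reply packets of the BGP session carry bgp as the source port.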
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:58:12 GMT-3