Tuesday, June 1, 2010

GET - Group Encrypted Transport
Secure Connectivity Simplified.

Cisco's GDOI interpretation for IOS provides a simple and effective way to protect traffic between networks without the overhead of tedious, repetitive manual configuration.

The following example illustrates how a central key server can specify traffic to be encrypted.

Key server configuration:

crypto gdoi group myGDOI
 identity number 99
 server local
  rekey algorithm aes 128
  rekey retransmit 10 number 2
  rekey authentication mypubkey rsa GET-gdoi-key
  rekey transport unicast
  authorization address ipv4 GET_list
  sa ipsec 1
   profile gdoi-profile
   match address ipv4 GET_traffic
   replay counter window-size 64
  address ipv4 10.4.1.2

crypto ipsec profile gdoi-profile
 set security-association lifetime seconds 900
 set transform-set ccie

Extended IP access list getvpn_traffic
    10 permit ip 10.9.1.0 0.0.0.255 192.168.200.0 0.0.0.255
    20 permit ip 192.168.200.0 0.0.0.255 10.9.1.0 0.0.0.255
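
The group member side of the same group, as an added example that is not part of the original post: the member defines no crypto ACL or transform set of its own, it registers with the key server at 10.4.1.2 and downloads the traffic policy and keys from it. The IKE policy values, the pre-shared key placeholder, the crypto map name GETVPN-MAP and the interface are assumptions.

```ios
! Added example: group member configuration (not from the original post).
!
! Assumed IKE phase 1 policy, used only to protect GDOI registration.
! It must match a policy configured on the key server.
crypto isakmp policy 10
 encryption aes
 authentication pre-share
 group 14
!
! Placeholder pre-shared key for the key server at 10.4.1.2.
crypto isakmp key <PRE-SHARED-KEY> address 10.4.1.2
!
! Group name and identity number must equal the key server's values.
crypto gdoi group myGDOI
 identity number 99
 server address ipv4 10.4.1.2
!
! Assumed crypto map name. The gdoi map type carries no local
! "match address" or transform set: both arrive from the key server.
crypto map GETVPN-MAP 10 gdoi
 set group myGDOI
!
! Assumed WAN-facing interface.
interface GigabitEthernet0/0
 crypto map GETVPN-MAP
```

After registration, `show crypto gdoi` on the member lists the ACL entries it downloaded from the key server, which is the quickest way to confirm that the intended traffic selectors were pushed.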

