ISAKMP

Recommendations

Info

Configuring IPsec Chapter 29 Configuring IPsec and <strong>ISAKMP</strong> Figure 29-2 shows the cascading ACLs created from the conceptual ACEs above. The meaning of each symbol in the figure follows. Crypto map within a crypto map set. (Gap in a straight line) Exit from a crypto map when a packet matches an ACE. Packet that fits the description of one ACE. Each size ball represents a different packet matching the respective ACE in the figure. The differences in size merely represent differences in the source and destination of each packet. Redirection to the next crypto map in the crypto map set. Response when a packet either matches an ACE or fails to match all of the permit ACEs in a crypto map set. 29-16 Cisco Security Appliance Command Line Configuration Guide OL-12172-04
Chapter 29 Configuring IPsec and <strong>ISAKMP</strong> Configuring IPsec Figure 29-2 Cascading ACLs in a Crypto Map Set Crypto Map 1 Deny A.3 B Deny A.3 C Permit A B Permit A C Apply IPSec assigned to Crypto Map 1 Crypto Map 2 Permit A.3 B Permit A.3 C Apply IPSec assigned to Crypto Map 2 Route as clear text 143513 Security Appliance A evaluates a packet originating from Host A.3 until it matches a permit ACE and attempts to assign the IPsec security associated with the crypto map. Whenever the packet matches a deny ACE, the security appliance ignores the remaining ACEs in the crypto map and resumes evaluation against the next crypto map, as determined by the sequence number assigned to it. So in the example, if Security Appliance A receives a packet from Host A.3, it matches the packet to a deny ACE in the first crypto map and resumes evaluation of the packet against the next crypto map. When it matches the packet to the permit ACE in that crypto map, it applies the associated IPsec security (strong encryption and frequent rekeying). OL-12172-04 Cisco Security Appliance Command Line Configuration Guide 29-17
Page 1 and 2: CHAPTER 29 Configuring IPsec and IS
Page 3 and 4: Chapter 29 Configuring IPsec and IS
Page 15: Chapter 29 Configuring IPsec and IS

ISAKMP

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?