As part of the procedure to establish a site-to-site connection to your Windows Azure Virtual Network, you need to run a script to configure your VPN device.
Use the script template below for Cisco ISR 2921 IOS Release 15.0.
Note |
|---|
| To run the script, you need to log in with a privileged account. |
Note |
|---|
| Parameters that start with 'SP_' are specified parameters that you get from your Virtual Network settings in the Windows Azure Management Portal. Parameters that start with 'RP_' are parameters that you name yourself. |
```
! Configuration for IKE policies.
! Enables the IKE policy configuration (config-isakmp) command mode,
! where you can specify the parameters that are used during an IKE negotiation.
! Here the encryption method, authentication method, DH group and ISAKMP SA lifetime are defined.
crypto isakmp policy 101
 encr aes
 authentication pre-share
 group 2
 lifetime 28800

! Specifies the pre-shared key which should
! be identical at both peers. This is a global
! configuration mode command.
! e.g. crypto isakmp key 58U0JcVxrvHQMSX4Y2zDvHHOOytC9XBCF7Xh address 65.52.248.131
crypto isakmp key <SP_PresharedKey> address <SP_AzureGatewayIpAddress>

! Defines the IPsec SA lifetime.
crypto ipsec security-association lifetime seconds 3600
crypto ipsec security-association lifetime kilobytes 102400000

! Configuration for IPsec policies.
! Enables the crypto transform configuration mode,
! where you can specify the transform sets that are used
! during an IPsec negotiation.
! e.g. crypto ipsec transform-set azure esp-aes esp-sha-hmac
crypto ipsec transform-set <RP_IPSecTransformSet> esp-aes esp-sha-hmac
 mode tunnel

! Indicates that IKE is used to establish
! the IPsec Security Association for protecting the
! traffic specified by this crypto map entry.
! You need to specify the peer IP address, transform set and the IPsec flow
! under the crypto map. The access list named by "match address" is the one
! defined at the end of this script.
! e.g. crypto map azure 1 ipsec-isakmp
crypto map <RP_IPSecCryptoMap> 1 ipsec-isakmp
 set peer <SP_AzureGatewayIpAddress>
 set transform-set <RP_IPSecTransformSet>
 match address <RP_AccessList>

! Configures the interface to use the
! crypto map "<RP_IPSecCryptoMap>" for IPsec.
! e.g. interface GigabitEthernet0/1/0
interface <NameOfYourOutsideInterface>
 ip tcp adjust-mss 1350
 negotiation auto
 crypto map <RP_IPSecCryptoMap>

! The access list defined below is used to specify interesting traffic for IPsec.
! e.g. access-list 101 permit ip 192.168.2.0 0.0.0.255 192.168.0.0 0.0.1.255
access-list <RP_AccessList> permit ip <SP_OnPremiseNetworkIpRange> <SP_OnPremiseNetworkWildcardBits> <SP_AzureNetworkIpRange> <SP_AzureNetworkWildcardBits>
```
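A pre-flight check for a filled-in copy of the template above, written as an added example (not part of the original page or of any vendor tooling). It derives the wildcard bits for the access list from CIDR ranges, flags `SP_`/`RP_` placeholders that were left in, and checks that `match address` and `set peer` refer to an access list and a pre-shared key entry that exist. The function names, the documentation address `203.0.113.10` and the dummy key are assumptions made for illustration.

```python
import ipaddress
import re

def acl_entry(acl_id, onprem_cidr, azure_cidr):
    """Build the interesting-traffic ACL line; IOS takes wildcard (inverted) masks."""
    # ip_network() is strict: it raises ValueError if host bits are set.
    src = ipaddress.ip_network(onprem_cidr)
    dst = ipaddress.ip_network(azure_cidr)
    if src.overlaps(dst):
        raise ValueError("on-premises and Azure ranges overlap")
    return (f"access-list {acl_id} permit ip {src.network_address} {src.hostmask} "
            f"{dst.network_address} {dst.hostmask}")

def lint(config):
    """Return problems found in a filled-in copy of the template."""
    lines = [s for s in (l.strip() for l in config.splitlines())
             if s and not s.startswith("!")]          # skip IOS comment lines
    problems, acls, key_peers, map_peers, matched = [], set(), set(), set(), set()
    for line in lines:
        # Report only the placeholder name, never the line (it may hold the key).
        for name in re.findall(r"\b[SR]P_\w+", line):
            problems.append(f"unfilled placeholder {name}")
        if m := re.match(r"access-list (\S+) ", line):
            acls.add(m.group(1))
        elif m := re.match(r"crypto isakmp key \S+ address (\S+)", line):
            key_peers.add(m.group(1))
        elif m := re.match(r"set peer (\S+)", line):
            map_peers.add(m.group(1))
        elif m := re.match(r"match address (\S+)", line):
            matched.add(m.group(1))
    problems += [f"match address {a} has no access-list" for a in sorted(matched - acls)]
    problems += [f"peer {p} has no pre-shared key" for p in sorted(map_peers - key_peers)]
    return problems

# Constructed sample: documentation address, dummy key, two deliberate mistakes.
SAMPLE = """
crypto isakmp key EXAMPLE-KEY-NOT-REAL address 203.0.113.10
crypto map azure 1 ipsec-isakmp
 set peer SP_AzureGatewayIpAddress>
 set transform-set azure
 match address 101
access-list 110 permit ip 192.168.2.0 0.0.0.255 192.168.0.0 0.0.1.255
"""

if __name__ == "__main__":
    print(acl_entry("101", "192.168.2.0/24", "192.168.0.0/23"))
    for p in lint(SAMPLE):
        print("WARN:", p)
```

Run it against the filled-in text before pasting into the router; an empty result from `lint` means every placeholder was replaced and the crypto map references resolve.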