Cisco Catalyst 4000 Access Gateway Module Installation and Configuration Note
OL-3008-01
Chapter 7 Configuring Encryption Services
Note: Encryption is enabled by default when you install the ESA hardware. If you need to disable it,
use the no crypto engine accel command. This command is useful for debugging
problems with the ESA or for testing features available only with software encryption.
Sample Configurations
The following topics are discussed in this section:
• Encrypting Traffic Between Two Networks
• Exchanging Encrypted Data Through an IPSec Tunnel
Encrypting Traffic Between Two Networks
The sample configurations in this section show you how to encrypt traffic between a private network
(10.103.1.x) and a public network (98.98.98.x) using IPSec. The 98.98.98.x network knows the
10.103.1.x network by the private addresses. The 10.103.1.x network knows the 98.98.98.x network by
the public addresses.
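A check to run over gateway listings like the ones in this section, shown as an added example that is not part of the Cisco document. It flags DES and MD5 settings, a pre-shared key readable in the listing, and an ISAKMP policy with no encryption line, which on classic IOS falls back to DES. The names audit, WEAK_TRANSFORMS and POLICY_SUBCOMMANDS are hypothetical; the sample lines are copied from the public gateway configuration.

```python
import re

# Constructed sample: crypto lines as they appear in the public gateway listing.
SAMPLE = """\
crypto isakmp policy 1
 hash md5
 authentication pre-share
crypto isakmp key cisco123 address 95.95.95.2
!
crypto ipsec transform-set rtpset esp-des esp-md5-hmac
"""

WEAK_TRANSFORMS = {"esp-des": "single DES, 56-bit key",
                   "esp-md5-hmac": "HMAC-MD5 integrity",
                   "ah-md5-hmac": "HMAC-MD5 integrity"}
POLICY_SUBCOMMANDS = {"encryption", "encr", "hash", "authentication", "group", "lifetime"}

def audit(config):
    """Return sorted (line_no, finding) tuples for weak IKE/IPSec settings."""
    findings, policy = [], None  # policy = [line_no, saw_encryption_line]
    def close(p):
        # The listing omits defaults; a classic IOS ISAKMP policy defaults to DES.
        if p and not p[1]:
            findings.append((p[0], "ISAKMP policy has no encryption line, so it uses the DES default"))
    for no, raw in enumerate(config.splitlines(), 1):
        words = raw.split()  # ignores indentation, so flattened listings also work
        if not words or words[0] == "!":
            continue
        if policy and words[0] in POLICY_SUBCOMMANDS:
            if words[0] in ("encryption", "encr"):
                policy[1] = True
                if words[1:] == ["des"]:
                    findings.append((no, "ISAKMP policy encrypts with single DES"))
            elif words[:2] == ["hash", "md5"]:
                findings.append((no, "ISAKMP policy hashes with MD5"))
            continue
        close(policy)  # any other command ends the open policy block
        policy = None
        line = " ".join(words)
        if re.fullmatch(r"crypto isakmp policy \d+", line):
            policy = [no, False]
        elif m := re.fullmatch(r"crypto isakmp key \S+ address (\S+)", line):
            findings.append((no, f"pre-shared key for peer {m.group(1)} is readable in the listing"))
        elif words[:3] == ["crypto", "ipsec", "transform-set"]:
            findings += [(no, f"transform {t}: {WEAK_TRANSFORMS[t]}")
                         for t in words[4:] if t in WEAK_TRANSFORMS]
    close(policy)
    return sorted(findings)
```

Calling audit(SAMPLE) returns five findings; the finding text never repeats the key value, so the report can be shared without leaking it.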
Configuration File for the Public Gateway
gateway-2b# show running-config
Building configuration...
Current configuration:
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname gateway-2b
!
ip subnet-zero
!
ip audit notify log
ip audit po max-events 100
!
crypto isakmp policy 1
 hash md5
 authentication pre-share
crypto isakmp key cisco123 address 95.95.95.2
!
crypto ipsec transform-set rtpset esp-des esp-md5-hmac
!
crypto map rtp 1 ipsec-isakmp
 set peer 95.95.95.2
 set transform-set rtpset
 match address 115
!
interface Ethernet0/0
 ip address 98.98.98.1 255.255.255.0
 no ip directed-broadcast
!