Smart IPsec

I phase


Policy number:
Hash:
Set hash algorithm for Internet Security Association and Key Management Protocol (ISAKMP):
MD5 Message Digest 5
(128 bit, not recommended)
SHA Secure Hash Standard
(160 bit)

Encryption:
Set encryption algorithm for Internet Security Association and Key Management Protocol (ISAKMP):
DES
Data Encryption Standard
(56 bit, not recommended)
3DES
Three key triple DES
(168 bit)
AES
Advanced Encryption Standard
(128,192,256 bit, recommended)

Key lenght:
Set key lenght for AES:
128 bit key lenght
192 bit key lenght
256 bit key lenght

Group DH:
Set the Diffie-Hellman group for Internet Security Association and Key Management Protocol (ISAKMP):
1 Diffie-Hellman group 1
(768 bit)
2 Diffie-Hellman group 2
(1024 bit)
5 Diffie-Hellman group 5
(1536 bit)

Lifetime:
IP destination router:
Key:

II phase


IPsec setting


Transform-set:
Type:
Set the IPSec type:
Authentication Header
(AH)
  • Authentication
  • Integrality
  • Replay-attacks protection
Encapsulation Security Payload
(ESP)
  • Encryption
  • Authentication
  • Integrality
  • Replay-attacks protection
Authentication Header
+
Encapsulation Security Payload

AH:
Set the AH mode:
MD5 Message Digest 5
(128 bit, not recommended)
SHA Secure Hash Standard
(160 bit)

ESP:
+
Set the Encapsulation Security Payload mode:
DES
Data Encryption Standard
(56 bit, not recommended)
3DES
Three key triple DES
(168 bit)
AES
Advanced Encryption Standard
(128,192,256 bit, recommended)

Mode:
Set the IPSec mode:
Tunnel
(Gateway-Gateway, default)
Transport
(Host-Host)

Access-list setting


ACL-number:
Source network:
Destination network:

Crypto-map setting


Name/Number:
Set the Crypto MAP name and number
Crypto map contain:
  • Peer info
  • Match address info (ACL)
  • Transform-set info (IPSec)

Interface setting


Interface:
Set the name of the interface that looks on the Internet side on your router

Result:


Text setting
Download settings file
Download

(Download config.txt file configuration)

QR code setting
Expert mode