Saturday, March 17, 2018

Changing encryption and hashing algorithm on DMVPN hub and spoke

Hello, I'm looking for advice on updating our current encryption method for DMVPN hub and spoke.

I would like to change to the following (it seems like this is what the Cisco documentation suggests):

crypto ipsec transform-set aesset esp-aes 256 esp-sha-hmac 

Would adding the new transform set to the DMVPN hub, deleting the old one, updating the crypto ipsec profile, and then doing the same on the spokes be all there is to it?

Current configuration on the hub is:

!
crypto isakmp policy 1
 encr aes
 authentication pre-share
 group 5
crypto isakmp key key123 address 1.1.1.1
crypto isakmp key key123 address 2.2.2.2
crypto isakmp key password123 address 0.0.0.0
crypto isakmp keepalive 60
!
!
crypto ipsec transform-set TransformSet1 esp-3des esp-sha-hmac
 mode tunnel
!
!
crypto ipsec profile dmvpn
 set transform-set TransformSet1
!

And on the spoke:

!
crypto isakmp policy 1
 encr aes
 authentication pre-share
 group 5
crypto isakmp key password123 address 0.0.0.0
!
crypto ipsec transform-set TransformSet1 esp-3des esp-sha-hmac
 mode tunnel
!
crypto ipsec profile dmvpn
 set transform-set TransformSet1
!
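
An added example, not part of the original post: a check that compares the transform definitions a hub and a spoke offer under the same IPsec profile, since the two ends need at least one definition in common while transform-set names are only locally significant. The `HUB` and `SPOKE` strings are constructed samples based on the configuration above, and the function names are hypothetical.

```python
import re

# Constructed samples based on the post: hub already moved to "aesset",
# spoke still on the original 3DES transform set.
HUB = """\
crypto ipsec transform-set TransformSet1 esp-3des esp-sha-hmac
 mode tunnel
crypto ipsec transform-set aesset esp-aes 256 esp-sha-hmac
 mode tunnel
crypto ipsec profile dmvpn
 set transform-set aesset
"""
SPOKE = """\
crypto ipsec transform-set TransformSet1 esp-3des esp-sha-hmac
 mode tunnel
crypto ipsec profile dmvpn
 set transform-set TransformSet1
"""

def parse(config):
    """Return ({set name: [transforms, mode]}, {profile name: [set names]})."""
    sets, profiles, section = {}, {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"crypto ipsec transform-set (\S+) (.+)", line):
            section = ("set", m.group(1))
            sets[m.group(1)] = [tuple(m.group(2).split()), "tunnel"]  # IOS default mode
        elif m := re.match(r"crypto ipsec profile (\S+)", line):
            section = ("profile", m.group(1))
            profiles[m.group(1)] = []
        elif section and section[0] == "set" and (m := re.match(r"mode (\S+)", line)):
            sets[section[1]][1] = m.group(1)
        elif section and section[0] == "profile" and line.startswith("set transform-set "):
            profiles[section[1]] += line.split()[2:]
        elif not raw.startswith(" "):
            section = None  # any other top-level line ends the current section
    return sets, profiles

def proposals(config, profile="dmvpn"):
    """Transform definitions the profile offers; set names are local and ignored."""
    sets, profiles = parse(config)
    return {(sets[n][0], sets[n][1]) for n in profiles.get(profile, []) if n in sets}

def common_proposals(hub, spoke, profile="dmvpn"):
    """Definitions both ends offer; an empty result means no shared transform set."""
    return proposals(hub, profile) & proposals(spoke, profile)

if __name__ == "__main__":
    print("shared:", common_proposals(HUB, SPOKE) or "none")
```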

