IKEv2 Cisco VPN Topology

SW1 Configuration
Current configuration : 3966 bytes
!
! Last configuration change at 04:09:32 UTC Thu Jul 31 2025
!
version 15.6
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SW1
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
ethernet lmi ce
!
!
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
!
!
!
!
!
no ip icmp rate-limit unreachable
!
!
!
!
!
!
no ip domain lookup
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
redundancy
!
no cdp log mismatch duplex
!
ip tcp synwait-time 5
!
!
crypto ikev2 proposal IKEV2
 encryption aes-cbc-256
 integrity sha256
 group 14
!
crypto ikev2 policy IKE_POLICY
 proposal IKEV2
!
crypto ikev2 keyring KEY
 peer PEER
  address 1.1.1.2
  pre-shared-key local cisco
  pre-shared-key remote cisco
 !
!
!
crypto ikev2 profile PROFILE
 match identity remote address 1.1.1.2 255.255.255.255
 authentication local pre-share
 authentication remote pre-share
 keyring local KEY
!
!
!
crypto ipsec transform-set IPSEC esp-aes 256 esp-md5-hmac
 mode tunnel
!
!
!
crypto map MAP 10 ipsec-isakmp
 set peer 1.1.1.2
 set transform-set IPSEC
 set ikev2-profile PROFILE
 match address IPSEC
!
!
!
!
!
interface Loopback1
 ip address 192.168.1.1 255.255.255.0
!
interface GigabitEthernet0/0
 ip address 1.1.1.1 255.255.255.0
 duplex auto
 speed auto
 media-type rj45
 crypto map MAP
!
interface GigabitEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
 media-type rj45
!
interface GigabitEthernet0/2
 no ip address
 shutdown
 duplex auto
 speed auto
 media-type rj45
!
interface GigabitEthernet0/3
 no ip address
 shutdown
 duplex auto
 speed auto
 media-type rj45
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 1.1.1.2
!
ip access-list extended IPSEC
 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
!
!
!
!
control-plane
!
banner exec ^C
**************************************************************************
* IOSv is strictly limited to use for evaluation, demonstration and IOS *
* education. IOSv is provided as-is and is not supported by Cisco's *
* Technical Advisory Center. Any use or disclosure, in whole or in part, *
* of the IOSv Software or Documentation to any third party for any *
* purposes is expressly prohibited except as otherwise authorized by *
* Cisco in writing. *
**************************************************************************^C
banner incoming ^C
**************************************************************************
* IOSv is strictly limited to use for evaluation, demonstration and IOS *
* education. IOSv is provided as-is and is not supported by Cisco's *
* Technical Advisory Center. Any use or disclosure, in whole or in part, *
* of the IOSv Software or Documentation to any third party for any *
* purposes is expressly prohibited except as otherwise authorized by *
* Cisco in writing. *
**************************************************************************^C
banner login ^C
**************************************************************************
* IOSv is strictly limited to use for evaluation, demonstration and IOS *
* education. IOSv is provided as-is and is not supported by Cisco's *
* Technical Advisory Center. Any use or disclosure, in whole or in part, *
* of the IOSv Software or Documentation to any third party for any *
* purposes is expressly prohibited except as otherwise authorized by *
* Cisco in writing. *
**************************************************************************^C
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
 transport input none
!
no scheduler allocate
!
end

SW2 Configuration
Current configuration : 3960 bytes
!
! Last configuration change at 01:16:48 UTC Thu Jul 31 2025
!
version 15.6
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SW2
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
ethernet lmi ce
!
!
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
!
!
!
!
!
no ip icmp rate-limit unreachable
!
!
!
!
!
!
no ip domain lookup
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
redundancy
!
no cdp log mismatch duplex
!
ip tcp synwait-time 5
!
!
crypto ikev2 proposal IKEV2
 encryption aes-cbc-256
 integrity sha256
 group 14
!
crypto ikev2 policy POLICY
 proposal IKEV2
!
crypto ikev2 keyring KEY
 peer PEER
  address 1.1.1.1
  pre-shared-key local cisco
  pre-shared-key remote cisco
 !
!
!
crypto ikev2 profile PROFILE
 match identity remote address 1.1.1.1 255.255.255.0
 authentication local pre-share
 authentication remote pre-share
 keyring local KEY
!
!
!
crypto ipsec transform-set IPSEC esp-aes 256 esp-md5-hmac
 mode tunnel
!
!
!
crypto map MAP 10 ipsec-isakmp
 set peer 1.1.1.1
 set transform-set IPSEC
 set ikev2-profile PROFILE
 match address IPSEC
!
!
!
!
!
interface Loopback1
 ip address 192.168.2.1 255.255.255.0
!
interface GigabitEthernet0/0
 ip address 1.1.1.2 255.255.255.0
 duplex auto
 speed auto
 media-type rj45
 crypto map MAP
!
interface GigabitEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
 media-type rj45
!
interface GigabitEthernet0/2
 no ip address
 shutdown
 duplex auto
 speed auto
 media-type rj45
!
interface GigabitEthernet0/3
 no ip address
 shutdown
 duplex auto
 speed auto
 media-type rj45
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 1.1.1.1
!
ip access-list extended IPSEC
 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
!
!
!
!
control-plane
!
banner exec ^C
**************************************************************************
* IOSv is strictly limited to use for evaluation, demonstration and IOS *
* education. IOSv is provided as-is and is not supported by Cisco's *
* Technical Advisory Center. Any use or disclosure, in whole or in part, *
* of the IOSv Software or Documentation to any third party for any *
* purposes is expressly prohibited except as otherwise authorized by *
* Cisco in writing. *
**************************************************************************^C
banner incoming ^C
**************************************************************************
* IOSv is strictly limited to use for evaluation, demonstration and IOS *
* education. IOSv is provided as-is and is not supported by Cisco's *
* Technical Advisory Center. Any use or disclosure, in whole or in part, *
* of the IOSv Software or Documentation to any third party for any *
* purposes is expressly prohibited except as otherwise authorized by *
* Cisco in writing. *
**************************************************************************^C
banner login ^C
**************************************************************************
* IOSv is strictly limited to use for evaluation, demonstration and IOS *
* education. IOSv is provided as-is and is not supported by Cisco's *
* Technical Advisory Center. Any use or disclosure, in whole or in part, *
* of the IOSv Software or Documentation to any third party for any *
* purposes is expressly prohibited except as otherwise authorized by *
* Cisco in writing. *
**************************************************************************^C
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
 transport input none
!
no scheduler allocate
!
end