Monday, January 4, 2021

IPSec VPN with CA Certificate

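=> CA server: certificate validity depends on a correct clock, and enrollment uses the HTTP server
clock timezone UTC +5 30
do clock set 17:30:00 4 Jan 2021

ip http server
!
crypto pki server CERT
  database url flash:
  issuer-name CN=ABC CA Server,O=ABC,OU=Training,L=India,C=IN
  grant auto
  no shutdown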

 R2

crypto key generate rsa

!

=> Trustpoint pointing at the CA server
crypto ca trustpoint III
enrollment url http://1.1.1.1:80
revocation-check none

=> Download the root certificate from the CA server
crypto ca authenticate III

=> Enroll the public key with the CA server and get a certificate issued
crypto ca enroll III

 

crypto isakmp policy 10
authentication rsa-sig
hash md5
encryption 3des
group 2
!
crypto ipsec transform-set TSET esp-3des esp-sha-hmac
!
access-list 101 permit ip 2.2.2.0 0.0.0.255 3.3.3.0 0.0.0.255
!
crypto map CMAP 10 ipsec-isakmp
match address 101
set peer 192.168.23.3
set transform-set TSET
!
interface f1/0
crypto map CMAP

=======================================================

 R3

crypto isakmp policy 10
authentication rsa-sig
hash md5
encryption 3des
group 2
!
crypto ipsec transform-set TSET esp-3des esp-sha-hmac
!
access-list 101 permit ip 3.3.3.0 0.0.0.255 2.2.2.0 0.0.0.255
!
crypto map CMAP 10 ipsec-isakmp
match address 101
set peer 192.168.23.2
set transform-set TSET
!
interface f1/0
crypto map CMAP
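
=======================================================

For comparison, an added example (not part of the original post): the same trustpoint, ISAKMP policy and transform set with algorithms that are not deprecated, since MD5, 3DES and DH group 2 are used above only as lab values. It assumes an IOS 15.x or later image that offers these keywords, and it reuses the post's names CERT, III and TSET.

```cisco
! Added example, not from the original post. Assumes an IOS 15.x or later
! image; the "was:" comments show the lab value each line replaces.
!
! CA server: leave out "grant auto" so enrollment requests wait for an
! operator (manual grant is the default), then approve from exec mode:
!   crypto pki server CERT info requests
!   crypto pki server CERT grant <request-id>
!
! R2 and R3: rsa-sig authentication needs a key pair and an enrolled
! certificate on both peers. State the modulus instead of accepting the
! interactive prompt's default.
crypto key generate rsa modulus 2048
!
crypto ca trustpoint III
 enrollment url http://1.1.1.1:80
 ! was: revocation-check none (a revoked peer certificate is still accepted)
 revocation-check crl
!
crypto isakmp policy 10
 authentication rsa-sig
 ! was: hash md5
 hash sha256
 ! was: enc 3des
 encryption aes 256
 ! was: group 2 (1024-bit MODP)
 group 14
!
! was: esp-3des esp-sha-hmac
crypto ipsec transform-set TSET esp-aes 256 esp-sha256-hmac
!
! Checks after the tunnel comes up (exec mode):
!   show crypto pki certificates
!   show crypto isakmp sa detail
!   show crypto ipsec sa
```

The policy and transform set must match on R2 and R3, so apply the changed lines to both routers before testing traffic between 2.2.2.0/24 and 3.3.3.0/24.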