Posts

Showing posts from November, 2022

VPN passthrough Palo Alto

R2:

1. Create keyring

crypto ikev2 keyring MYKEYS
 peer R3
  address 203.0.113.1
  pre-shared-key Cisco123

2. Create ikev2 profile

crypto ikev2 profile IKEV2-PROFILE
 match identity remote address 203.0.113.1 255.255.255.255
 identity local address 203.0.113.3
 ! without the identity local line above, the peer receives identity 192.168.1.10
 authentication remote pre-share
 authentication local pre-share
 keyring local MYKEYS

3. Create IPSec profile

crypto ipsec profile IPSEC-PROFILE
 set ikev2-profile IKEV2-PROFILE

4. Create tunnel interface

interface Tunnel1
 ip address 172.16.11.1 255.255.255.252
 tunnel source Ethernet0/0
 tunnel mode ipsec ipv4
 tunnel destination 203.0.113.1
 tunnel protection ipsec profile IPSEC-PROFILE

R3:

1. Create keyring

crypto ikev2 keyring MYKEYS
 peer R2
  address 203.0.113.3
  pre-shared-key Cisco123

2. Create ikev2 profile

crypto ikev2 profile IKEV2-PROFILE
 match identity remote address 203.0.113.3 255.255.255.255
 authentication remote pre-share
 authentication local

Router packet capture

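! ACL that selects the traffic to capture (both directions for host 192.168.0.1)
ip access-list extended CAP-FILTER
 permit ip host 192.168.0.1 any
 permit ip any host 192.168.0.1

! Create the capture buffer and attach the ACL as its filter
monitor capture buffer BUFF
monitor capture buffer BUFF filter access-list CAP-FILTER

! Create the capture point on the interface and associate it with the buffer
monitor capture point ip cef CP gi0/0/0 both
monitor capture point associate CP BUFF

! Start and stop the capture
monitor capture point start CP
monitor capture point stop CP

! Inspect the buffer parameters and contents
show monitor capture buffer all parameter
show monitor capture buffer BUFF

! Export the capture to a TFTP server
monitor capture buffer BUFF export tftp://192.168.0.10/capture.pcap

! Remove the capture point and buffer when finished
no monitor capture point ip cef CP gi0/0/0 both
no monitor capture buffer BUFF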