ISAKMP is a protocol, which is actually does the negotiation between 2 hosts. ISAKMP Security Association is we call as the Phase 1 and IPSec Security Association is we call as phase 2.
ISAKMP - Internet Security Association Key Management Protocol.
Our example setup is between two branches of a small company, connected via ISP router (R2). Both are using static IPs.
Pre-share - Use Pre-shared key as the authentication method
Group 5 - Diffie-Hellman group to be used.
To configure IPSec we need to setup the following in order:
Create extended ACL
Create IPSec Transform
Create Crypto Map
Apply crypto map to the public interface
We simulated this IPSEC site to site VPN tunnel on GNS3.
verification commands.
# show crypto isakmp sa
# show crypto ipsec sa