Cisco IOS commands:
! IKE Phase 1 - negotiating gateway-to-gateway secure control tunnel for key exchanges and negotiation of phase 2 UPD port 500 config# crypto isakmp policy <number> config-isakmp# authentication pre-shared config-isakmp# encr <enc_algo> <bits> config-isakmp# hash <hashing_algo> config-isakmp# group <DH_group> config-isakmp# lifetime <sec> config-isakmp# exit config# crypto isakmp key <pre-shared-key> address <peer_ip> ! IKE Phase 2 - negotiating IPsec data tunnel for end nodes AH protocol 51 or ESP portocol 50 config# crypto ipsec transform-set <name> <transforms> config-crypto-trans# mode tunnel config-crypto-trans# exit ! What traffic to secure config# access-list <ext_acl> permit ip <src> <src_wildcard_mask> <dst> <dst_wildcard_mask> ! How to secure config# crypto map <map_name> <num> ipsec-isakmp config-crypto-map# match <ext_acl> config-crypto-map# set transform-set <name> config-crypto-map# set peer <peer_ip> config-crypto-map# set pfs <pfs> config-crypto-map# exit config# interface <if_name> config-if# crypto map <map_name> config-if# end