The current Cisco router configuration should be checked to see if
there are any IPSec policies already configured that are useful for, or may
interfere with, the IPSec policies that are planned to be configured.
Previously configured IKE and IPSec policies and details can and should be used
if possible to save configuration time. However, previously configured IKE and
IPSec policies and details can make troubleshooting more difficult if problems
arise.
To check if IKE policies have previously been configured, start
with the show running-config command. A variety of
show commands specific to IPSec can also be used. For
example, the show crypto isakmp policy command, as shown in
the figure, can be used to examine IKE policies. The default
protection suite seen in the figure is available for
use without modification. Other available show commands can
also be used to view IKE and IPSec configuration.
The show crypto map command, shown in the figure, is
useful for viewing any previously configured crypto maps. Crypto maps are
covered in detail later in this lesson. Previously configured maps can and
should be used to save configuration time. However, previously configured
crypto maps can interfere with the IPSec policy that is to be configured.
The show crypto ipsec transform-set command can be used
to view previously configured transform sets. Previously
configured transforms can, and should, be used to save configuration time.
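The same check can be run offline against a saved copy of the running-config. The script below is an added example, not part of the original lesson: it inventories existing IKE policies, transform sets and crypto maps, shows which interfaces already have a crypto map applied, and lists transform sets that no crypto map references. The function name audit_crypto_config and the sample configuration (names, addresses, policy numbers) are constructed for illustration.

```python
import re

# Constructed running-config excerpt (sample data, not from the original lesson).
SAMPLE_CONFIG = """\
crypto isakmp policy 100
 encr 3des
 hash md5
 authentication pre-share
!
crypto ipsec transform-set OLDSET esp-des esp-md5-hmac
crypto ipsec transform-set UNUSED esp-3des esp-sha-hmac
crypto map OLDMAP 10 ipsec-isakmp
 set peer 172.30.2.2
 set transform-set OLDSET
 match address 110
!
interface Serial0/0
 crypto map OLDMAP
"""

def audit_crypto_config(config_text):
    """Inventory existing IKE/IPSec objects in a saved running-config (hypothetical helper)."""
    found = {"ike_policies": [], "transform_sets": {}, "crypto_maps": {},
             "applied": {}}
    section = None  # (kind, name) of the stanza currently being read
    for line in config_text.splitlines():
        if not line.startswith(" "):  # an unindented line starts a new stanza
            section = None
            if m := re.match(r"crypto isakmp policy (\d+)", line):
                found["ike_policies"].append(int(m.group(1)))
            elif m := re.match(r"crypto ipsec transform-set (\S+) (.+)", line):
                found["transform_sets"][m.group(1)] = m.group(2).split()
            elif m := re.match(r"crypto map (\S+) (\d+) ", line):
                section = ("map", m.group(1))
                found["crypto_maps"].setdefault(m.group(1), [])
            elif m := re.match(r"interface (\S+)", line):
                section = ("if", m.group(1))
        elif section and section[0] == "map":
            if m := re.match(r" set transform-set (.+)", line):
                found["crypto_maps"][section[1]] += m.group(1).split()
        elif section and section[0] == "if":
            if m := re.match(r" crypto map (\S+)", line):
                found["applied"][section[1]] = m.group(1)
    used = {ts for sets in found["crypto_maps"].values() for ts in sets}
    found["unreferenced_transform_sets"] = sorted(set(found["transform_sets"]) - used)
    return found

if __name__ == "__main__":
    for key, value in audit_crypto_config(SAMPLE_CONFIG).items():
        print(f"{key}: {value}")
```

The default protection suite does not appear in the running-config, so it still has to be checked on the router with show crypto isakmp policy.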