Alcatel-Lucent AOS-W 6.5.3.x

To Next Page

To Previous Page

369| Virtual Private Networks AOS-W 6.5.3.x| User Guide

In the CLI

To configure a site-to-site VPN with two static IP switches using IKEv1, issue the following commands in the CLI:

(host)(config) #crypto-local ipsec-map <name> <priority>

src-net <ipaddr> <mask>

dst-net <ipaddr> <mask>

peer-ip <ipaddr>

vlan <id>

version v1|v2

peer-cert-dn <peer-dn>

pre-connect enable|disable

trusted enable

For certificate authentication:

set ca-certificate <cacert-name>

set server-certificate <cert-name>

(host)(config) #crypto isakmp policy <priority>

encryption {3des|aes128|aes192|aes256|des}

version v1|v2

authentication {rsa-sig|ecdsa-256ecdsa-384}

group {1|2|19|20}

hash {md5|sha|sha1-96|sha2-256-128|sha2-384-192}

lifetime <seconds>

For pre-shared key authentication:

(host)(config) #crypto-local isakmp key <key> address <ipaddr> netmask <mask>

(host)(config) #crypto isakmp policy <priority>

encryption {3des|aes128|aes192|aes256|des}

version v1|v2

authentication pre-share

group {1|2|19|20}

hash {md5|sha|sha1-96|sha2-256-128|sha2-384-192}

lifetime <seconds>

To configure site-to-site VPN with a static and dynamically addressed switch that initiates IKE Aggressive-mode

for Site-Site VPN:

(host)(config) #crypto-local ipsec-map <name> <priority>

src-net <ipaddr> <mask>

dst-net <ipaddr> <mask>

peer-ip <ipaddr>local-fqdn <local_id_fqdn>

vlan <id>

pre-connect enable|disable

trusted enable

For the Pre-shared-key:

(host)(config) #crypto-local isakmp key <key> address <ipaddr> netmask 255.255.255.255

For a static IP switch that responds to IKE Aggressive-mode for Site-Site VPN:

crypto-local ipsec-map <name2> <priority>

src-net <ipaddr> <mask>

dst-net <ipaddr> <mask>

peer-ip 0.0.0.0

peer-fqdn fqdn-id <peer_id_fqdn>

vlan <id>

trusted enable

For the Pre-shared-key:

(host)(config) #crypto-local isakmp key <key> fqdn <fqdn-id>

Main Page

Alcatel-Lucent AOS-W 6.5.3.x - Page 369

Table of Contents