
Alcatel-Lucent AOS-W 6.5.3.x - Page 370

For a static IP switch that responds to IKE Aggressive-mode for Site-Site VPN with one PSK for All FQDNs:
(host)(config) #crypto-local ipsec-map <name2> <priority>
src-net <ipaddr> <mask>
peer-ip 0.0.0.0
peer-fqdn any-fqdn
vlan <id>
trusted enable
For the Pre-shared-key for All FQDNs:
(host)(config) #crypto-local isakmp key <key> fqdn-any
Supporting Null Encryption for IKEv1
Starting from AOS-W 6.5.1, XLP-based switches support null encryption as an encryption algorithm for IKEv1.
This helps reduce the load on the local router for internet-destined traffic.
Null encryption does not increase the security of the routed traffic; it only indicates that no encryption
method is used over a particular transmission. Null encryption can now be configured as the encryption
algorithm in a transform set, which can be used in any crypto map.
Because null encryption is supported only for IKEv1, use it only for crypto maps with version 1.
In the WebUI
To create a new transformation set with null encryption as the encryption algorithm, perform the following
steps in the WebUI:
1. Navigate to Configuration > Advanced Services > VPN Services > Advanced tab.
2. Under IPSEC Transform Sets click Add.
3. Enter a name in Transform Set Name.
4. Select ESP-NULLfrom the Encryption drop-down list.
5. Click Done.
6. Click Apply.
To add the transformation set in the crypto map created, perform the following steps in the WebUI:
1. Navigate to Configuration > Advanced Services > VPN Services > Site-To-Site tab.
2. Under IPSec Maps click Add.
3. Enter a Name.
4. Select the name of the transform set created from the Transforms Sets drop-down list and click <-- .
5. Click Done.
6. Click Apply.
In the CLI
Execute the following command to create a new transformation set with null encryption as the encryption
algorithm:
(host)(config) #crypto ipsec transform-set test esp-null esp-sha-hmac
Execute the following commands to add the transformation set in the crypto map created:
(host)(config) #crypto-local ipsec-map test_map 500
(host)(config-ipsec-map) #set transform-set test
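Because a null-encryption transform set can be attached to any crypto map, it is worth checking a saved configuration for maps that carry traffic unencrypted. The following is an added example, not part of the original guide or of AOS-W: a Python audit that finds every IPsec map referencing an esp-null transform set and flags any that are also set to IKE version 2. The function name, the sample configuration, and the assumption that the IKE version appears as a "version v1" or "version v2" line under the map are illustrative.

```python
import re

# Constructed sample in the syntax of the commands shown above. The
# "version v2" sub-command line is an assumption about the saved config.
SAMPLE_CONFIG = """\
crypto ipsec transform-set test esp-null esp-sha-hmac
crypto ipsec transform-set strong esp-aes256 esp-sha-hmac
crypto-local ipsec-map test_map 500
  version v1
  set transform-set test
crypto-local ipsec-map branch_map 510
  version v2
  set transform-set "test"
crypto-local ipsec-map hq_map 520
  set transform-set strong
"""

# Strips a pasted CLI prompt such as "(host)(config) #".
PROMPT = re.compile(r"^\(\S+?\)\s*\([\w-]+\)\s*#\s*")

def audit_null_encryption(config_text):
    """Return (map, null_transform_sets, issues) for each map using esp-null."""
    null_sets, maps, current = set(), {}, None
    for raw in config_text.splitlines():
        tokens = PROMPT.sub("", raw.strip()).replace('"', "").split()
        if not tokens:
            continue
        if tokens[0] in ("crypto", "crypto-local"):
            current = None  # a new top-level command ends the previous map
        if tokens[:3] == ["crypto", "ipsec", "transform-set"] and len(tokens) > 4:
            if "esp-null" in tokens[4:]:
                null_sets.add(tokens[3])
        elif tokens[:2] == ["crypto-local", "ipsec-map"] and len(tokens) > 2:
            current = maps.setdefault(tokens[2], {"version": None, "sets": []})
        elif current is not None and tokens[:2] == ["set", "transform-set"]:
            current["sets"].extend(tokens[2:])
        elif current is not None and tokens[0] == "version" and len(tokens) > 1:
            current["version"] = tokens[1]
    findings = []
    for name, m in maps.items():  # resolved last: sets may be defined after maps
        used = [s for s in m["sets"] if s in null_sets]
        if used:
            issues = ["unencrypted"]
            if m["version"] == "v2":  # page: null encryption is IKEv1 only
                issues.append("null-with-ikev2")
            findings.append((name, used, issues))
    return findings

if __name__ == "__main__":
    for finding in audit_null_encryption(SAMPLE_CONFIG):
        print(finding)
```

A map with no version line is reported as unencrypted only, since the example does not assume a default IKE version.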
AOS-W 6.5.3.x | User Guide Virtual Private Networks | 370
