IP Security - Virtual Private Network
Left running head:
Chapter name (automatic)
816
Beta Beta
OmniAccess 5740 Unified Services Gateway CLI Configuration Guide
Alcatel-Lucent
IPSEC VPN CONFIGURATION
Refer to the following sections for configuring IPsec:
• “IPsec VPN Configuration Steps”
• “IPsec VPN Configuration Flow”
• “IPsec Configuration Commands”
• “IPsec VPN Show Commands”
IPSEC VPN CONFIGURATION STEPS
The following are the steps to configure IPsec VPN on the OmniAccess 5740
USG:
Step 1: Configure match-list and match-list rules. For more information on this,
refer to the “Common Classifiers” chapter in this guide.
Step 2: Configure a preshared key. See “IPsec Configuration with Preshared Key”
OR
Configure X.509 certificates. See “IPsec Configuration with X.509 Certificates”
Step 3: Configure IKE policy. See “To Configure an IKE Policy”
Step 4: Configure a Transform Set. See “To Configure Transform-set in IPsec”
Step 5: Configure crypto Map. See “To Configure IPsec Crypto Map”. And,
configure crypto map related parameters.
• Attach a match-list to a crypto map. See “To Attach Match-list to a Crypto
Map”
• Attach a peer to a crypto map. See “To Attach a Peer to a Crypto MAP”
• Attach a transform set to a crypto map. See “To Attach a Transform Set to a
Crypto Map” (Optional)
• Attach PFS group to a crypto map. See “To Attach PFS Group to a Crypto
Map” (Optional)
• Configure lifetime for a crypto map. See “To Configure Lifetime for a Crypto
Map” (Optional)
• Attach an IKE identity to a crypto map if the authentication type is ‘rsa-sig’.
See “To Attach an IKE Identity to a Crypto Map”