IPsec Tunnel Configuration Scenarios using OmniAccess 5740 USG
Alcatel-Lucent
OmniAccess 5740 Unified Services Gateway CLI Configuration Guide
ON OMNIACCESS 5740 USG
a) IPsec VPN configuration: configure the pre-shared key, IKE policy, and transform set.
ALU-1(config)# crypto ike key top_secret1612 peer 2.2.2.3
ALU-1(config)# crypto ike policy IKE1
ALU-1(config-ike-policy-IKE1)# proposal md5-des
ALU-1(config-ike-policy-IKE1)# ipsec security-association lifetime seconds 30000
ALU-1(config-ike-policy-IKE1)# lifetime seconds 86400
ALU-1(config-ike-policy-IKE1)# pfs group2
ALU-1(config)# crypto ipsec transform-set TS1 esp-md5-des
b) Configure an IPsec profile
ALU(config)# crypto ipsec profile PF1
ALU(ipsec-profile-PF1)# ike-policy IKE1
ALU(ipsec-profile-PF1)# transform-set TS1
ALU(ipsec-profile-PF1)# pfs group2
c) Configure an interface
ALU-1(config)# interface GigabitEthernet3/1
ALU(config-if GigabitEthernet3/1)# no shutdown
ALU(config-if GigabitEthernet3/1)# ip address 2.2.2.1
d) Configure a tunnel interface
ALU-1(config)# interface Tunnel 1
ALU-1(config-if Tunnel1)# no shutdown
ALU-1(config-if Tunnel1)# ip address 192.168.0.1 255.255.255.255
ALU-1(config-if Tunnel1)# mode ipsec
e) Specify the tunnel endpoints and attach the IPsec profile to the tunnel interface.
ALU-1(config-if Tunnel1)# tunnel source 2.2.2.1
ALU-1(config-if Tunnel1)# tunnel destination 2.2.2.3
ALU-1(config-if Tunnel1)# ipsec-profile PF1
ON ALCATEL-LUCENT BRICK
Consider a VPN Firewall Brick with a specific IPsec tunnel configuration in which the
tunnel source is 2.2.2.3 and the tunnel destination is 2.2.2.1.
VERIFICATION WITH SHOW COMMANDS
Verify the configuration by using the ‘show crypto’ or ‘show crypto ipsec profile’
command.
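The following is an added example, not part of the original guide or of Alcatel-Lucent's tooling: a Python check that reads the commands from steps a) to e) as captured text and flags the pre-shared key, the DES/MD5 proposal and transform set, the PFS group, and any policy, transform-set or profile name used without being defined. The `audit` function, its messages, and the assumption that `groupN` denotes IKE Diffie-Hellman group N are this example's own.

```python
import re

# Constructed input: crypto commands from steps a) to e) above, prompts included.
CONFIG = """\
ALU-1(config)# crypto ike key top_secret1612 peer 2.2.2.3
ALU-1(config)# crypto ike policy IKE1
ALU-1(config-ike-policy-IKE1)# proposal md5-des
ALU-1(config-ike-policy-IKE1)# pfs group2
ALU-1(config)# crypto ipsec transform-set TS1 esp-md5-des
ALU(config)# crypto ipsec profile PF1
ALU(ipsec-profile-PF1)# ike-policy IKE1
ALU(ipsec-profile-PF1)# transform-set TS1
ALU(ipsec-profile-PF1)# pfs group2
ALU-1(config-if Tunnel1)# ipsec-profile PF1
"""

PROMPT = re.compile(r"^\S+?\([^)]*\)#\s*(.*)$")
# Assumptions: names are hyphen-joined tokens ("esp-md5-des"); groupN = IKE DH group N.
WEAK = {"des": "DES, 56-bit key", "md5": "HMAC-MD5",
        "group1": "768-bit DH group", "group2": "1024-bit DH group"}

def audit(text):
    """Return (line_no, message) findings for weak crypto and dangling names."""
    out = []
    seen = {"ike-policy": set(), "transform-set": set(), "ipsec-profile": set()}
    def weak(n, name):
        out.extend((n, f"weak algorithm in '{name}': {WEAK[t]}")
                   for t in name.split("-") if t in WEAK)
    for n, raw in enumerate(text.splitlines(), 1):
        m = PROMPT.match(raw.strip())
        w = m.group(1).split() if m else []
        if w[:3] == ["crypto", "ike", "key"]:
            out.append((n, "pre-shared key present in text; redact before sharing"))
        elif w[:3] == ["crypto", "ike", "policy"] and len(w) == 4:
            seen["ike-policy"].add(w[3])
        elif w[:3] == ["crypto", "ipsec", "profile"] and len(w) == 4:
            seen["ipsec-profile"].add(w[3])
        elif w[:3] == ["crypto", "ipsec", "transform-set"] and len(w) == 5:
            seen["transform-set"].add(w[3])
            weak(n, w[4])
        elif len(w) == 2 and w[0] in ("proposal", "pfs"):
            weak(n, w[1])
        elif len(w) == 2 and w[0] in seen and w[1] not in seen[w[0]]:
            out.append((n, f"{w[0]} '{w[1]}' used but never defined above"))
    return out

if __name__ == "__main__":
    for line_no, msg in audit(CONFIG):
        print(f"line {line_no}: {msg}")
```

The check never echoes the key itself, so its output can be attached to a change ticket.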