IP Security - Virtual Private Network
Left running head:
Chapter name (automatic)
902
Beta Beta
OmniAccess 5740 Unified Services Gateway CLI Configuration Guide
Alcatel-Lucent
O
N OA5740-B (SPOKE)
a) Configure a NHRP object, and parameters under a NHRP object. Configure IP
address of the NHS in a NHRP object, static map entry for NHS and NHS network
identifier.
OA5740-B(config)# ip nhrp alu-dmvpn1
OA5740-B(config-nhrp-alu-dmvpn1)# nhs 2.2.2.1
OA5740-B(config-nhrp-alu-dmvpn1)# map 2.2.2.1 10.1.1.1
OA5740-B(config-nhrp-alu-dmvpn1)# network-id 1234
b) IPsec VPN configuration: Configure preshared key, IKE policy, Transform Set.
OA5740-B(config)# crypto ike key top_secret1612 peer 0.0.0.0
OA5740-B(config)# crypto ike policy IKE2
OA5740-B(config-crypto-ike-policy-IKE2)#
OA5740-B(config)# crypto ipsec transform-set TS1 esp-md5-des
c) Configure IPsec Profile
OA5740-B(config)# crypto ipsec profile PF2
OA5740-B(ipsec-profile-PF2)# ike-policy IKE2
OA5740-B(ipsec-profile-PF2)# transform-set TS1
OA5740-B(ipsec-profile-PF2)# pfs group2
d) Configure an interface.
OA5740-B(config)# interface Serial 0/0
OA5740-B(config-if Serial0/0)# no shutdown
OA5740-B(config-if Serial0/0)# ip address 10.1.3.1
e) Configure a tunnel interface.
OA5740-B(config)# interface Tunnel 1
OA5740-B(config-if Tunnel1)# no shutdown
OA5740-B(config-if Tunnel1)# ip address 2.2.2.3
OA5740-B(config-if Tunnel1)# mode multipoint-gre
f) Specify tunnel source, attach the configured IPsec profile and NHRP object to
the tunnel.
OA5740-B(config-if Tunnel1)# tunnel source 10.1.3.1
OA5740-B(config-if Tunnel1)# ipsec-profile PF2
OA5740-B(config-if Tunnel1)# nhrp alu-dmvpn1
V
ERIFICATION WITH SHOW COMMAND
Verify the configuration by using the ‘show ip nhrp [configuration]’’ command.
To Next Page
Loading...
