Generic Routing Encapsulation
Left running head:
Chapter name (automatic)
956
Beta Beta
OmniAccess 5740 Unified Services Gateway CLI Configuration Guide
Alcatel-Lucent
IP
SEC VPN CONFIGURATION PROCESS
ON OA5740-A
a) Configure a tunnel interface
ALU-1(config)#interface tunnel1
ALU-1(config-if tunnel1)#ip address 192.168.0.1/24
ALU-1(config-if tunnel1)#no shutdown
b) Specify tunnel end-points
ALU-1(config-if tunnel1)#tunnel source 2.2.2.1
ALU-1(config-if tunnel1)#tunnel destination 2.2.2.3
IP
SEC POLICY CONFIGURATION ON OA5740-A
a) Configure a match-list
ALU-1(config)# match-list tunnel-traffic
ALU-1(config-match-list-tunnel-traffic)#1 gre host 2.2.2.1
host 2.2.2.3
b) Configure an IKE policy
ALU-1(config)# crypto ike policy test
ALU-1(config-ike-policy-test)#proposal md5-des
ALU-1(config-ike-policy-test)#ipsec security-association
lifetime seconds 28800
ALU-1(config-ike-policy-test)#lifetime seconds 86400
ALU-1(config-ike-policy-test)#pfs group2
c) Configure an IKE Key
ALU-1(config)#crypto ike key test1234 peer 2.2.2.3
d) Configure a transform set
ALU-1(config)# crypto ipsec transform-set test esp-md5-des
e) Configure a crypto map
ALU-1(config)#crypto map test ipsec-ike test
ALU-1(config-crypto-map-test)#peer 2.2.2.3
ALU-1(config-crypto-map-test)#match tunnel-traffic
ALU-1(config-crypto-map-test)#transform-set test
ALU-1(config-crypto-map-test)#pfs group2
f) Attach crypto map to the interface
ALU(config)# interface GigabitEthernet3/1
ALU(config-if GigabitEthernet3/1)# crypto map test
To Next Page
Loading...
