GRE Configuration Scenarios using OmniAccess 5740 USG
Except on the first page, right running head:
Heading1 or Heading1NewPage text (automatic)
957
Alcatel-Lucent
Beta Beta
OmniAccess 5740 Unified Services Gateway CLI Configuration Guide
ON OA5740-B
a) Configure a tunnel interface
ALU-2(config)#interface tunnel1
ALU-2(config-if tunnel1)#ip address 192.168.0.2
255.255.255.0
ALU-2(config-if tunnel1)#no shutdown
b) Specify tunnel end-points
ALU-2(config-if tunnel1)#tunnel source 2.2.2.3
ALU-2(config-if tunnel1)#tunnel destination 2.2.2.1
IP
SEC POLICY CONFIGURATION ON OA5740-B
a) Configure a match-list
ALU-2(config)# match-list tunnel-traffic
ALU-2(config-match-list-tunnel-traffic)#1 gre host 2.2.2.3
host 2.2.2.1
b) Configure an IKE policy
ALU-2(config)# crypto ike policy test1
ALU-2(config-ike-policy-test1)#proposal md5-des
ALU-2(config-ike-policy-test1)#ipsec security-association
lifetime seconds 30000
ALU-2(config-ike-policy-test1)#lifetime seconds 86400
ALU-2(config-ike-policy-test1)#pfs group2
c) Configure an IKE Key
ALU-2(config)#crypto ike key testtest1 peer 2.2.2.1
d) Configure a transform set
ALU-2(config)# crypto ipsec transform-set test1 esp-md5-des
e) Configure a crypto map
ALU-2(config)#crypto map test1 ipsec-ike test1
ALU-2(config-crypto-map-test1)#peer 2.2.2.1
ALU-2(config)#match tunnel-traffic
ALU-2(config)#transform-set test1
ALU-2(config)#pfs group2
f) Attach crypto map to the interface
ALU(config)# interface GigabitEthernet3/0
ALU(config-if GigabitEthernet3/0)# crypto map test1
To Next Page
Loading...
