Configure
Left running head:
Chapter name (automatic)
60
Beta Beta
OmniAccess 5740 Unified Services Gateway Web GUI Users Guide
Alcatel-Lucent
• GRE header format is as follows:
----------------------------------------------------------------------------------------------------
| Reserved0 = 0 (13 bits) | Ver=0 (bits) | Protocol (16bits) |
----------------------------------------------------------------------------------------------------
• GRE uses the Ethernet protocol identifiers (from RFC-1700) to identify the
type of protocol packet that is being tunneled.
• GRE packet is encapsulated using an outer IP header.
• Outer IP header’s IP protocol value = 47
Alcatel-Lucent Specific Overview
• OmniAccess 5740 USG does not support overlapping of private addresses.
• The source IP address must be configured either on a loopback interface or
on one of the physical interfaces.
• IPSec Tunnel Interface
Alcatel-Lucent provides support for IPSec in a tunnel mode with encryption,
intended for secure site-to-site communications over an untrusted network.
Currently IPSec can be configured through a crypto-map and applied to a
interface.In addition, IPSec as a tunnel interface is required so that,
• Pre, post encryption or decryption policies for QoS, Filters, ACL can be
applied.
• Match-list will be route based rather than policy based, which means that
routing can control what traffic needs to be secure.
• Tunnel fail over can be handled by having traffic routed through another
tunnel interface.
• Allows to run dynamic routing protocols over the tunnel.
Before You Configure IPSec Tunnel Interface
Here are a few guidelines that you need to pay attention when configuring
OmniAccess 5740 USG for IPSec Tunnel Interface.
• Routing setup must be in ordinance.
• The interface being configured be a configurable interface, i.e., associated
with an IP address.
• Tunnel endpoints (source and destination) should be specified. The source
address could be a configured IP address or another interface address (thus
deriving its IP address). The Destination address is the address of the peer
with which IKE negotiation will take place.
• Parameters required in tunnel negotiation should be configured. These
parameters are IPSec transform set, IKE policy, SA lifetime, PFS, IKE Identity.
To Next Page
Loading...
