Configuration Guide  7. IPSec Tunneling 
Version 7.2  29  Security Setup 
7  IPSec Tunneling 
The device supports the IPSec tunnel protocol. IPSec tunnels encrypt sessions between two 
points. These points can be single computers, network segments or selected hosts. 
IPSec encryption uses the AES, 3DES or DES algorithms. 
There are many practical uses for encrypting data. For example, if a corporation wants to 
provide Internet access to its guests but also wants to protect itself from corporate 
espionage, it is good practice to use IPSec. 
Figure 7-1: IPSec and Guest Access 
 
 
In the example above, the Corporate Branch Users are connected through the IPSec tunnel 
to the Corporate HQ. The communication is encrypted using IPSec, and the Guest Users, or 
anyone on the Internet, are not able to "read" and understand the traffic between the 
segments. This solution is also applicable to other applications that need to encrypt traffic, 
such as protecting a classified project within the same organization. 
To configure IPSec, use the following commands: 
Table 7-1: IPsec Tunneling 
Command                                                           Description
                                                                  Enter the data configuration menu.
(config-data)# access-list ipsec permit ip 192.168.0.0 0.0.0.255  Create an ACL to capture traffic for IPSec. This will later become an entry in the routing table.
(config-data)# crypto isakmp policy 1                             Configure the isakmp policy.
(config-isakmp)# encryption aes 128                               Configure the encryption protocol (AES, DES or 3DES). The number is the number of bits for the encryption protocol.
(config-isakmp)# authentication pre-share                         Choose an authentication method (pre-shared key or Rivest-Shamir-Adleman Signature).
(config-isakmp)# hash sha                                         Configure the hashing protocol (sha, sha256, or md5). The sha protocol is stronger than md5.
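
The following is an added example, not part of the guide or the vendor's tooling: a small Python check that parses ISAKMP policy lines in the CLI syntax of Table 7-1 and flags DES, 3DES, md5 or settings that are not set explicitly. The weakness ratings, the sample policy 2 and the `des` keyword spelling are assumptions of this example.

```python
import re

# Weakness notes are this example's own rating; the guide itself only
# states that sha is stronger than md5.
WEAK = {"encryption": {"des": "56-bit key", "3des": "legacy 64-bit block cipher"},
        "hash": {"md5": "weaker than sha per the guide"}}
REQUIRED = ("encryption", "authentication", "hash")
PROMPT = re.compile(r"^\((?P<mode>[\w-]+)\)#\s*(?P<cmd>\S.*)$")

def parse_policies(text):
    """Return {policy_id: {setting: value}} from lines in the guide's CLI syntax."""
    policies, current = {}, None
    for raw in text.splitlines():
        m = PROMPT.match(raw.strip())
        if not m:
            continue
        words = m["cmd"].lower().split()
        if words[:3] == ["crypto", "isakmp", "policy"] and len(words) == 4:
            current = policies.setdefault(words[3], {})
        elif m["mode"] == "config-isakmp" and current is not None and len(words) > 1:
            current[words[0]] = " ".join(words[1:])
    return policies

def audit(text):
    """Return sorted (policy_id, setting, problem) tuples for weak or missing settings."""
    findings = []
    for pid, settings in parse_policies(text).items():
        for key in REQUIRED:
            value = settings.get(key)
            if value is None:
                findings.append((pid, key, "not set explicitly"))
                continue
            algo = value.split()[0]
            if algo in WEAK.get(key, {}):
                findings.append((pid, key, f"{algo}: {WEAK[key][algo]}"))
    return sorted(findings)

# Constructed sample. Policy 1 is the guide's own command sequence; policy 2 is
# made up, and the "des" keyword spelling is assumed from the guide's option list.
SAMPLE = """\
(config-data)# crypto isakmp policy 1
(config-isakmp)# encryption aes 128
(config-isakmp)# authentication pre-share
(config-isakmp)# hash sha
(config-data)# crypto isakmp policy 2
(config-isakmp)# encryption des
(config-isakmp)# hash md5
"""
if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```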