Virtual Private Networks (VPN) IPsec
IX10 User Guide
322
a. Type ... to move to the root of the configuration:
(config vpn ipsec tunnel ipsec_example)> ...
(config)>
b. Add a packet filter:
(config)> add firewall filter end
(config firewall filter 2)>
c. Set the label to Allow incoming IPsec traffic:
(config config firewall filter 2)> label "Allow incoming IPsec
traffic"
(config firewall filter 2)>
d. Set the source zone to ipsec:
(config config firewall filter 2)> src_zone ipsec
(config firewall filter 2)>
6. Set the metric for the IPsec tunnel. When more than one active route matches a destination,
the route with the lowest metric is used. The metric can also be used in tandem with SureLink
to configure IPsec failover behavior. See Configure IPsec failover for more information.
(config vpn ipsec tunnel ipsec_example)> metric value
(config vpn ipsec tunnel ipsec_example)>
where value is any integer between 0 and 65535.
7. Set the mode:
(config vpn ipsec tunnel ipsec_example)> mode mode
(config vpn ipsec tunnel ipsec_example)>
where mode is either:
n
tunnel: The entire IP packet is encrypted and/or authenticated and then encapsulated
as the payload in a new IP packet.
n
transport: Only the payload of the IP packet is encrypted and/or authenticated. The IP
header is unencrypted.
The default is tunnel.
8. Set the protocol:
(config vpn ipsec tunnel ipsec_example)> type protocol
(config vpn ipsec tunnel ipsec_example)>
where protocol is either:
n
esp (Encapsulating Security Payload): Provides encryption as well as authentication
and integrity.
n
ah (Authentication Header): Provides authentication and integrity only.
The default is esp.
To Next Page
Loading...
