Virtual PrivateNetworks(VPN) IPsec
IX20 User Guide
494
Note Depending on your network configuration, you may need to add a packet filtering rule to
allow incoming traffic. For example, for the IPsec zone:
a. Type ... to move to the root of the configuration:
(config vpn ipsec tunnel ipsec_example)> ...
(config)>
b. Add a packet filter:
(config)> add firewall filter end
(config firewall filter 2)>
c. Set the label to Allow incoming IPsec traffic:
(config config firewall filter 2)> label "Allow incoming IPsec
traffic"
(config firewall filter 2)>
d. Set the source zone to ipsec:
(config config firewall filter 2)> src_zone ipsec
(config firewall filter 2)>
6. Set the metric for the IPsec tunnel. When more than one active route matches a destination,
the route with the lowest metric is used. The metric can also be used in tandem with SureLink
to configure IPsec failover behavior. See Configure IPsec failover for more information.
(config vpn ipsec tunnel ipsec_example)> metric value
(config vpn ipsec tunnel ipsec_example)>
where value is any integer between 0 and 65535.
7. Set the mode:
(config vpn ipsec tunnel ipsec_example)> mode mode
(config vpn ipsec tunnel ipsec_example)>
where modeiseither:
n
tunnel: The entire IPpacket is encrypted and/or authenticated and then encapsulated
as the payload in a new IPpacket.
n
transport: Only the payload of the IPpacket is encrypted and/or authenticated. The IP
header is unencrypted.
The default is tunnel.
8. Set the protocol:
(config vpn ipsec tunnel ipsec_example)> type protocol
(config vpn ipsec tunnel ipsec_example)>
where protocol is either:
To Next Page
Loading...