ELTEX ESR-100 - Page 73

ELTEX ESR-100
109 pages
ESR Series Routers Operation Manual 73
esr(config)# exit
2. R2 configuration
Configure the external network interface and assign it to a security zone:
esr# configure
esr(config)# interface gi 1/0/1
esr(config-if)# ip address 120.11.5.1/24
esr(config-if)# security-zone untrusted
esr(config-if)# exit
Create a VTI tunnel. Traffic will be routed through the VTI into the IPsec tunnel. Specify the IP
addresses of the WAN border interfaces as the local and remote gateways:
esr(config)# tunnel vti 1
esr(config-vti)# remote address 180.100.0.1
esr(config-vti)# local address 120.11.5.1
esr(config-vti)# enable
esr(config-vti)# exit
To configure rules for security zones, create an ISAKMP port profile:
esr(config)# object-group service ISAKMP
esr(config-addr-set)# port-range 500
esr(config-addr-set)# exit
Create a static route to the remote LAN. For each subnet located behind the IPsec tunnel, specify a
route via the VTI tunnel:
esr(config)# ip route 10.0.0.0/16 tunnel vti 1
Create an IKE protocol profile. In the profile, select Diffie-Hellman group 2, the AES 128-bit
encryption algorithm, and the MD5 authentication algorithm. These parameters are used to secure
the IKE connection:
esr(config)# security ike proposal ike_prop1
esr(config-ike-proposal)# dh-group 2
esr(config-ike-proposal)# authentication algorithm md5
esr(config-ike-proposal)# encryption algorithm aes128
esr(config-ike-proposal)# exit
esr(config)#
Create an IKE protocol policy. For the policy, specify the list of IKE protocol profiles that may be
used for negotiation between the nodes, and the authentication key:
esr(config)# security ike policy ike_pol1
esr(config-ike-policy)# pre-shared-key hexadecimal 123FFF
esr(config-ike-policy)# proposal ike_prop1
esr(config-ike-policy)# exit
Create an IKE protocol gateway. For this profile, specify the VTI tunnel, the policy, the protocol
version, and the mode of traffic redirection into the tunnel:
esr(config)# security ike gateway ike_gw1
esr(config-ike-gw)# ike-policy ike_pol1
esr(config-ike-gw)# mode route-based
esr(config-ike-gw)# bind-interface vti 1
esr(config-ike-gw)# version v2-only
esr(config-ike-gw)# exit
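
A check for the IKE parameters chosen above, as an added example that is not part of the manual: it parses the `security ike` commands from this page and flags the Diffie-Hellman group, the authentication algorithm and the pre-shared key length. The weak-value sets and the 128-bit key floor are this example's own policy assumptions (RFC 8247 lists MD5 as MUST NOT and DH group 2 as SHOULD NOT for IKEv2); `audit` and `strip_prompt` are hypothetical helper names.

```python
import re

# Constructed sample: the R2 IKE commands from this page, prompts included.
SAMPLE = """\
esr(config)# security ike proposal ike_prop1
esr(config-ike-proposal)# dh-group 2
esr(config-ike-proposal)# authentication algorithm md5
esr(config-ike-proposal)# encryption algorithm aes128
esr(config-ike-proposal)# exit
esr(config)# security ike policy ike_pol1
esr(config-ike-policy)# pre-shared-key hexadecimal 123FFF
esr(config-ike-policy)# proposal ike_prop1
esr(config-ike-policy)# exit
"""

# Assumed audit policy for this example, not values taken from the manual.
WEAK_DH = {"1", "2", "5"}   # MODP groups of 1536 bits or less
WEAK_AUTH = {"md5"}
MIN_PSK_BITS = 128

def strip_prompt(line):
    # Drop a leading "esr(config-...)# " prompt if the text came from a session.
    return re.sub(r"^\s*\S+#\s*", "", line).strip()

def audit(text):
    """Return (section, finding) tuples for weak IKE settings."""
    findings, section = [], None
    for raw in text.splitlines():
        words = strip_prompt(raw).split()
        if not words:
            continue
        if words[:2] == ["security", "ike"] and len(words) >= 4:
            section = f"{words[2]} {words[3]}"      # e.g. "proposal ike_prop1"
        elif words[0] == "exit":
            section = None
        elif section is None:
            continue                                 # not inside an IKE block
        elif words[0] == "dh-group" and words[-1] in WEAK_DH:
            findings.append((section, f"weak DH group {words[-1]}"))
        elif words[:2] == ["authentication", "algorithm"] and words[-1].lower() in WEAK_AUTH:
            findings.append((section, f"weak authentication algorithm {words[-1]}"))
        elif words[:2] == ["pre-shared-key", "hexadecimal"] and len(words) == 3:
            bits = 4 * len(words[2])                 # 4 bits per hex digit
            if bits < MIN_PSK_BITS:
                findings.append((section, f"pre-shared key is only {bits} bits"))
    return findings

if __name__ == "__main__":
    for section, finding in audit(SAMPLE):
        print(f"{section}: {finding}")
```

Both tunnel endpoints must agree on the proposal and key, so any value changed in response to a finding has to be changed on the peer router as well.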
