76 ESR Series Routers Operation Manual
esr# configure
esr(config)# interface gi 1/0/1
esr(config-if)# ip address 120.11.5.1/24
esr(config-if)# security-zone untrusted
esr(config-if)# exit
Create an ISAKMP service object group (IKE runs over UDP port 500) so that it can be referenced by the security zone rules that permit IKE traffic to the router:
esr(config)# object-group service ISAKMP
esr(config-addr-set)# port-range 500
esr(config-addr-set)# exit
Create an IKE proposal (profile). In the proposal, specify Diffie-Hellman group 2, the AES 128-bit encryption algorithm and the MD5 authentication algorithm. These parameters protect the IKE connection itself (the IKE SA). Note that MD5 and the 1024-bit DH group 2 are weak by current standards; use a SHA-2 algorithm and DH group 14 or higher where the remote peer supports them:
esr(config)# security ike proposal ike_prop1
esr(config-ike-proposal)# dh-group 2
esr(config-ike-proposal)# authentication algorithm md5
esr(config-ike-proposal)# encryption algorithm aes128
esr(config-ike-proposal)# exit
esr(config)#
Create an IKE policy. In the policy, specify the pre-shared key used to authenticate the peers and the list of IKE proposals that may be offered when negotiating with the remote node. The short hexadecimal key shown here is for illustration only; in production use a long, randomly generated key:
esr(config)# security ike policy ike_pol1
esr(config-ike-policy)# pre-shared-key hexadecimal 123FFF
esr(config-ike-policy)# proposal ike_prop1
esr(config-ike-policy)# exit
Create an IKE gateway. In the gateway, specify the IKE policy, the local and remote tunnel endpoint addresses, the local and remote networks whose traffic is to be protected, and the policy-based mode of redirecting traffic into the tunnel:
esr(config)# security ike gateway ike_gw1
esr(config-ike-gw)# ike-policy ike_pol1
esr(config-ike-gw)# remote address 180.100.0.1
esr(config-ike-gw)# remote network 10.0.0.0/16
esr(config-ike-gw)# local address 120.11.5.1
esr(config-ike-gw)# local network 192.0.2.0/24
esr(config-ike-gw)# mode policy-based
esr(config-ike-gw)# exit
Create a security parameters profile (IPsec proposal) for the IPsec tunnel. In the proposal, select the AES 128-bit encryption algorithm and the MD5 authentication algorithm; these parameters protect the traffic carried inside the IPsec tunnel. MD5 is deprecated for IPsec integrity protection, so prefer a SHA-2 algorithm where the peer supports it:
esr(config)# security ipsec proposal ipsec_prop1
esr(config-ipsec-proposal)# authentication algorithm md5
esr(config-ipsec-proposal)# encryption algorithm aes128
esr(config-ipsec-proposal)# exit
Create an IPsec policy. In the policy, specify the list of IPsec proposals that may be offered when negotiating with the remote node:
esr(config)# security ipsec policy ipsec_pol1
esr(config-ipsec-policy)# proposal ipsec_prop1
esr(config-ipsec-policy)# exit
Create the IPsec VPN. For the VPN, specify the IKE gateway, the IPsec policy, the key exchange mode and the connection establishment method. When all parameters are entered, activate the tunnel with the enable command.
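The following script is an added example and is not part of the ESR manual or Eltex's software. It parses the IKE and IPsec proposal/policy blocks exactly as entered above (the sample configuration text is constructed from the commands on this page, with indentation as an assumed running-config layout) and flags the parameters a reviewer would question: MD5 integrity, the 1024-bit Diffie-Hellman group 2 and the 3-byte pre-shared key. The weakness thresholds, the algorithm keyword names used for comparison and the block-parsing rules are assumptions of the script, not documented ESR behaviour.

```python
"""Audit IKE/IPsec proposal and policy blocks in an ESR-style configuration.

Added example (not from the ESR manual). Flags settings that are weak by
current IKE guidance (RFC 8247): MD5 integrity, Diffie-Hellman groups of
1536 bits or less, and short pre-shared keys.
"""
import re

# Constructed sample: the security blocks from this page, laid out as an
# assumed "show running-config" listing (indentation is an assumption).
SAMPLE_CONFIG = """\
security ike proposal ike_prop1
  dh-group 2
  authentication algorithm md5
  encryption algorithm aes128
exit
security ike policy ike_pol1
  pre-shared-key hexadecimal 123FFF
  proposal ike_prop1
exit
security ipsec proposal ipsec_prop1
  authentication algorithm md5
  encryption algorithm aes128
exit
"""

# Assumed keyword names; SHA-1 is included as legacy-only.
WEAK_HASHES = {"md5", "sha1"}
WEAK_DH_GROUPS = {1, 2, 5}   # MODP groups of 768, 1024 and 1536 bits
MIN_PSK_BYTES = 16           # assumption: at least 128 bits of key material

BLOCK_RE = re.compile(
    r"security (ike proposal|ike policy|ipsec proposal|ipsec policy) (\S+)$"
)


def parse_blocks(config_text):
    """Return {(kind, name): [body lines]} for each 'security ... <name>' block."""
    blocks = {}
    current = None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = BLOCK_RE.match(line)
        if m:
            current = (m.group(1), m.group(2))
            blocks[current] = []
        elif line == "exit":
            current = None
        elif current is not None:
            blocks[current].append(line)
    return blocks


def psk_bytes(line):
    """Key length in bytes for 'pre-shared-key hexadecimal|ascii-text <key>'."""
    _, fmt, key = line.split()[:3]
    if fmt == "hexadecimal":
        return len(key) // 2          # two hex digits per byte
    return len(key.encode())          # ascii-text key: one byte per character


def audit(config_text):
    """Return a sorted list of findings; an empty list means nothing was flagged."""
    findings = []
    for (kind, name), body in parse_blocks(config_text).items():
        for line in body:
            if line.startswith("authentication algorithm "):
                alg = line.split()[-1]
                if alg in WEAK_HASHES:
                    findings.append(
                        f"{kind} {name}: integrity algorithm {alg} is weak, "
                        "use a SHA-2 algorithm")
            elif line.startswith("dh-group "):
                group = int(line.split()[-1])
                if group in WEAK_DH_GROUPS:
                    findings.append(
                        f"{kind} {name}: dh-group {group} is 1536-bit MODP or "
                        "smaller, use group 14 or higher")
            elif line.startswith("pre-shared-key "):
                n = psk_bytes(line)
                if n < MIN_PSK_BYTES:
                    findings.append(
                        f"{kind} {name}: pre-shared key is only {n} bytes, "
                        f"use at least {MIN_PSK_BYTES} random bytes")
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print("WARN", finding)
```

Run against the page's configuration the script reports four findings: MD5 in both the IKE and the IPsec proposal, DH group 2 in the IKE proposal, and the 3-byte pre-shared key in the IKE policy. Feed it the output of the router's running configuration to check a deployed tunnel before the peers negotiate.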