ELTEX ESR-1000 - LT-Tunnels Configuration

To Next Page

To Previous Page

ESR Series Routers Operation Manual 77

esr(config)# security ipsec vpn ipsec1

esr(config-ipsec-vpn)# mode ike

esr(config-ipsec-vpn)# ike establish-tunnel immediate

esr(config-ipsec-vpn)# ike gateway ike_gw1

esr(config-ipsec-vpn)# ike ipsec-policy ipsec_pol1

esr(config-ipsec-vpn)# enable

esr(config-ipsec-vpn)# exit

esr(config)# exit

You can view the state of the tunnel using following command:

esr# show security ipsec vpn status ipsec1

You can view the configuration of the tunnel using following command:

esr# show security ipsec vpn configuration ipsec1

It is necessery to enable ESP and ISAKMP (UDP - port 500) in firewall.

7.20 LT-tunnels configuration

LT (logical tunnel) is a type of tunnels dedicated for transmission of routing information and traffic

between different virtual routers (VRF Lite) configured on a router. LT-tunnel might be used for

organization of interaction between two or more VRF using firewall restrictions.

Objective: Organize interaction between hosts terminated in two VRF vrf_1 and vrf_2.

Initial configuration:

hostname esr

ip vrf vrf_1

exit

ip vrf vrf_2

exit

interface gigabitethernet 1/0/1

ip vrf forwarding vrf_1

Ip firewall disable

ip address 10.0.0.1/24

exit

interface gigabitethernet 1/0/2

ip vrf forwarding vrf_2

Ip firewall disable

ip address 10.0.1.1/24

exit

Solution:

Create LT-tunnels for each VRF, specifying IP address from one subnet:

esr(config)# tunnel lt 1

esr(config-lt)# ip vrf forwarding vrf_1

esr(config-lt)# Ip firewall disable

esr(config-lt)# ip address 192.168.0.1/30

esr(config-lt)# exit

esr(config)# tunnel lt 2

esr(config-lt)# ip vrf forwarding vrf_2

esr(config-lt)# Ip firewall disable

esr(config-lt)# ip address 192.168.0.2/30

esr(config-lt)# exit

Main Page

ELTEX ESR-1000 - LT-Tunnels Configuration

Table of Contents

Other manuals for ELTEX ESR-1000

Related product manuals