ESR series service routers. ESR-Series. User manual
Create an IPsec VPN. For the VPN, specify the IKE protocol gateway, the IPsec tunnel policy, the key exchange mode and the connection establishment method. Once all parameters are set, enable the tunnel with the enable command:
esr(config)# security ipsec vpn ipsec1
esr(config-ipsec-vpn)# mode ike
esr(config-ipsec-vpn)# ike establish-tunnel route
esr(config-ipsec-vpn)# ike gateway ike_gw1
esr(config-ipsec-vpn)# ike ipsec-policy ipsec_pol1
esr(config-ipsec-vpn)# enable
esr(config-ipsec-vpn)# exit
esr(config)# exit
To view the tunnel status, use the following command:
esr# show security ipsec vpn status ipsec1
To view the tunnel configuration, use the following command:
esr# show security ipsec vpn configuration ipsec1
9.4.5  Remote Access IPsec VPN configuration algorithm
Remote Access IPsec VPN is a scenario for organizing temporary VPN connections in which the IPsec VPN server waits for incoming connections, and clients make temporary connections to the server to gain access to network resources.
An additional feature of RA IPsec VPN is support for a second IPsec authentication factor, Extended Authentication (XAUTH), in which the second factor is the login-password pair of the IPsec VPN client.
| Step | Description | Command | Keys |
|------|-------------|---------|------|
| 1 | Create an IKE instance and switch to its configuration mode. | esr(config)# security ike proposal <NAME> | <NAME> – IKE protocol name, set by the string of up to 31 characters. |
| 2 | Specify the description of the configured tunnel (optional). | esr(config-ike-proposal)# description <DESCRIPTION> | <DESCRIPTION> – tunnel description, set by the string of up to 255 characters. |
| 3 | Specify IKE authentication algorithm (optional). | esr(config-ike-proposal)# authentication algorithm <ALGORITHM> | <ALGORITHM> – authentication algorithm, takes values of: md5, sha1, sha2-256, sha2-384, sha2-512. Default value: sha1 |
Enable ESP and ISAKMP protocol (UDP port 500) in the firewall.
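Because step 3 is optional and its default is sha1, a proposal that never sets the algorithm ends up on sha1 without saying so in the configuration. The following audit script is an added example, not part of the manual: it reads CLI lines in the form shown on this page and reports the effective authentication algorithm of each IKE proposal. The proposal names, the `esr...#` prompt pattern and the policy of treating md5 and sha1 as legacy are assumptions of this example.

```python
import re

# Values the manual lists for <ALGORITHM>, and its documented default.
ALLOWED = {"md5", "sha1", "sha2-256", "sha2-384", "sha2-512"}
DEFAULT = "sha1"
# Assumed local policy (not from the manual): accept only the SHA-2 values.
LEGACY = {"md5", "sha1"}
PROMPT = re.compile(r"^esr(\([^)]*\))?#\s*")   # strips "esr(config)# " if present
PROPOSAL = re.compile(r"^security ike proposal (\S+)$")
AUTH = re.compile(r"^authentication algorithm (\S+)$")

def audit_ike_proposals(text):
    """Return [(proposal, effective_algorithm, status)] in order of appearance."""
    explicit = {}     # proposal name -> explicitly configured algorithm, or None
    current = None    # IKE proposal block we are currently inside, if any
    for raw in text.splitlines():
        line = PROMPT.sub("", raw.strip())
        m = PROPOSAL.match(line)
        if m:
            current = m.group(1)
            explicit.setdefault(current, None)
        elif line == "exit":
            current = None
        elif current and (m := AUTH.match(line)):
            explicit[current] = m.group(1).lower()
    report = []
    for name, algo in explicit.items():
        status = ("legacy-default" if algo is None else      # unset: sha1 applies
                  "unknown-value" if algo not in ALLOWED else
                  "legacy" if algo in LEGACY else "ok")
        report.append((name, algo or DEFAULT, status))
    return report

# Constructed sample input; the proposal names are made up for this example.
SAMPLE = """\
esr(config)# security ike proposal ike_prop1
esr(config-ike-proposal)# description RA-clients
esr(config-ike-proposal)# exit
esr(config)# security ike proposal ike_prop2
esr(config-ike-proposal)# authentication algorithm md5
esr(config-ike-proposal)# exit
esr(config)# security ike proposal ike_prop3
esr(config-ike-proposal)# authentication algorithm sha2-256
esr(config-ike-proposal)# exit
"""

if __name__ == "__main__":
    for name, algo, status in audit_ike_proposals(SAMPLE):
        print(f"{name:12} {algo:10} {status}")
```

The `legacy-default` status marks proposals where step 3 was skipped, which a search for `md5` or `sha1` in the configuration text would miss.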