ESR series service routers. ESR-Series. User manual
9.4  IPsec VPN configuration
IPsec is a set of protocols that provide security features for data transferred over the IP protocol. This set of
protocols allows for identity validation (authentication), IP packet integrity checking and encryption, and also
includes protocols for secure key exchange over the Internet.
9.4.1  Route-based IPsec VPN configuration algorithm
| Step | Description | Command | Keys |
|------|-------------|---------|------|
| 1 | Create a VTI tunnel and switch to its configuration mode. | esr(config)# tunnel vti <TUN> | <TUN> – device tunnel name. |
| 2 | Specify the local IP address of the VTI tunnel. | esr(config-vti)# local address <ADDR> | <ADDR> – IP address of a local gateway. |
| 3 | Specify the remote IP address of the VTI tunnel. | esr(config-vti)# remote address <ADDR> | <ADDR> – IP address of a remote gateway. |
| 4 | Specify the IP address of the VTI tunnel local side. | esr(config-vti)# ip address <ADDR/LEN> | <ADDR/LEN> – IP address and prefix of a subnet, defined as AAA.BBB.CCC.DDD/EE where each part AAA-DDD takes values of [0..255] and EE takes values of [1..32]. |
| 5 | Include the VTI tunnel in a security zone and configure interaction rules between zones or disable firewall for VTI tunnel. | esr(config-vti)# security-zone <NAME> | <NAME> – security zone name, set by the string of up to 12 characters. |
|   |   | esr(config-vti)# ip firewall disable |   |
| 6 | Enable the tunnel. | esr(config-vti)# enable |   |
| 7 | Create an IKE profile and switch to its configuration mode. | esr(config)# security ike proposal <NAME> | <NAME> – IKE protocol name, set by the string of up to 31 characters. |
| 8 | Specify the description of the configured IKE profile (optional). | esr(config-ike-proposal)# description <DESCRIPTION> | <DESCRIPTION> – tunnel description, set by the string of up to 255 characters. |
| 9 | Specify IKE authentication algorithm (optional). | esr(config-ike-proposal)# authentication algorithm <ALGORITHM> | <ALGORITHM> – authentication algorithm, takes values of: md5, sha1, sha2-256, sha2-384, sha2-512. Default value: sha1. |
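
Added example (not part of the manual or of the vendor's tooling): a small configuration audit for the settings in steps 5 and 9. It reports VTI tunnels that carry "ip firewall disable" and IKE profiles that use the legacy md5 or sha1 hashes, including profiles that omit the command and so fall back to the sha1 default. The sample configuration is constructed, and its layout (indented blocks closed by "exit") is an assumption about how the saved configuration is laid out.

```python
import re

WEAK = {"md5", "sha1"}  # legacy hashes from the manual's <ALGORITHM> value list
DEFAULT_ALGO = "sha1"   # default stated in step 9
# Constructed sample. Assumption: indented blocks closed by "exit".
SAMPLE = """\
tunnel vti 1
  ip address 10.0.0.1/30
  ip firewall disable
exit
tunnel vti 2
  ip address 10.0.0.5/30
  security-zone untrusted
exit
security ike proposal legacy
  description to-branch
exit
security ike proposal strong
  authentication algorithm sha2-256
exit
"""

def blocks(config):
    """Yield (header, body_lines) for every top-level block, closed or not."""
    header, body = None, []
    for raw in config.splitlines():
        line = raw.strip()
        if line and raw[0].isspace() and header:
            body.append(line)
        elif line:
            if header:
                yield header, body
            header, body = (None if line == "exit" else line), []
    if header:
        yield header, body

def audit(config):
    """Return (block, finding) pairs for the settings from steps 5 and 9."""
    findings = []
    for header, body in blocks(config):
        if header.startswith("tunnel vti ") and "ip firewall disable" in body:
            findings.append((header, "firewall disabled on tunnel"))
        elif header.startswith("security ike proposal "):
            found = re.findall(r"^authentication algorithm (\S+)$", "\n".join(body), re.M)
            algo = found[-1] if found else DEFAULT_ALGO
            if algo in WEAK:
                note = "" if found else " (implicit default)"
                findings.append((header, f"IKE authentication {algo}{note}"))
    return findings
```

Calling audit(SAMPLE) reports "tunnel vti 1" and the "legacy" profile; "tunnel vti 2" and the "strong" profile pass.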