ESR Series Routers Operation Manual                                                          71 
7.19   IPsec VPN configuration 
IPsec is a set of protocols that provide security for data transferred over IP. It allows for 
identity validation (authentication), IP packet integrity checking and encryption, and also 
includes protocols for secure key exchange over the Internet. 
 
Fig. 7.21—Network structure 
Objective: Configure an IPsec tunnel between R1 and R2. 
  R1 IP address: 120.11.5.1 
  R2 IP address: 180.100.0.1 
  IKE: 
    Diffie-Hellman group: 2 
    encryption algorithm: AES 128 bit 
    authentication algorithm: MD5 
  IPsec: 
    encryption algorithm: AES 128 bit 
    authentication algorithm: MD5 
 
7.19.1 Route-based IPsec VPN configuration: 
Solution: 
1.  R1 configuration 
Configure the external network interface and assign it to a security zone: 
esr# configure 
esr(config)# interface gi 1/0/1 
esr(config-if-gi)# ip address 180.100.0.1/24 
esr(config-if-gi)# security-zone untrusted 
esr(config-if-gi)# exit 
Create a VTI tunnel. Traffic will be routed via the VTI into the IPsec tunnel. Specify the IP addresses 
of the WAN border interfaces as the local and remote gateways: 
esr(config)# tunnel vti 1 
esr(config-vti)# local address 180.100.0.1 
esr(config-vti)# remote address 120.11.5.1 
esr(config-vti)# enable 
esr(config-vti)# exit 
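The VTI step above depends on each router's local and remote addresses being the WAN interface addresses of the two peers. The following Python script is an added example, not part of the manual or vendor code: it parses transcripts in the format shown and checks that pairing. The R2 transcripts are constructed for illustration, and `parse` and `check` are hypothetical helper names.

```python
import re
from ipaddress import ip_address, ip_interface

TEMPLATE = """\
esr(config)# interface gi 1/0/1
esr(config-if-gi)# ip address {wan}/24
esr(config-if-gi)# security-zone untrusted
esr(config-if-gi)# exit
esr(config)# tunnel vti 1
esr(config-vti)# local address {wan}
esr(config-vti)# remote address {remote}
esr(config-vti)# enable
esr(config-vti)# exit
"""
R1 = TEMPLATE.format(wan="180.100.0.1", remote="120.11.5.1")      # values from the page
R2_OK = TEMPLATE.format(wan="120.11.5.1", remote="180.100.0.1")   # constructed mirror
R2_BAD = TEMPLATE.format(wan="120.11.5.1", remote="180.100.1.1")  # constructed typo
PROMPT = re.compile(r"^esr\(config(?:-[\w-]+)?\)#\s*(.*)$")

def parse(transcript):
    """Collect interface addresses and VTI endpoints from a CLI transcript."""
    cfg, ctx = {"interfaces": {}, "vti": {}}, None
    for line in transcript.splitlines():
        m = PROMPT.match(line.strip())
        words = m.group(1).split() if m else []
        if words[:1] == ["interface"]:
            ctx = cfg["interfaces"].setdefault(" ".join(words[1:]), {})
        elif words[:2] == ["tunnel", "vti"] and len(words) == 3:
            ctx = cfg["vti"].setdefault(words[2], {})
        elif words == ["exit"]:
            ctx = None  # left the interface/tunnel context
        elif ctx is not None and words[:2] == ["ip", "address"] and len(words) == 3:
            ctx["ip"] = ip_interface(words[2]).ip
        elif ctx is not None and words[1:2] == ["address"] and len(words) == 3:
            if words[0] in ("local", "remote"):
                ctx[words[0]] = ip_address(words[2])
    return cfg

def check(local_cfg, peer_cfg):
    """Return findings where local VTI endpoints disagree with the peer's."""
    findings = []
    own_ips = {i["ip"] for i in local_cfg["interfaces"].values() if "ip" in i}
    peer_locals = {t.get("local") for t in peer_cfg["vti"].values()}
    for tid, t in local_cfg["vti"].items():
        if t.get("local") not in own_ips:
            findings.append(f"vti {tid}: local address is not on a local interface")
        if t.get("remote") not in peer_locals:
            findings.append(f"vti {tid}: remote {t.get('remote')} is not a peer VTI local address")
    return findings
```

Run `check` in both directions: a mistyped remote address on R2 only shows up as a finding when R2 is the local side.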
To configure rules for security zones, create an ISAKMP port profile: 
esr(config)# object-group service ISAKMP