ESR series service routers.ESR-Series. User manual
•
Step Description Command Keys
4 Specify the IP address of the VTI
tunnel local side (optional).
esr(config-vti)# ip address
<ADDR/LEN>
<ADDR/LEN> – IP address and
prefix of a subnet, defined as
AAA.BBB.CCC.DDD/EE where
each part AAA-DDD takes values
of [0..255] and EE takes values of
[1..31].
5 Define Diffie-Hellman group number
(optional).
esr(config-ike-proposal)# dh-
group <DH-GROUP>
<DH-GROUP> – Diffie-Hellman
group number, takes values of [1,
2, 5, 14, 15, 16, 17, 18].
Default value: 1
6 Create an IKE profile policy and switch
to its configuration mode.
esr(config)# security ike policy
<NAME>
<NAME> – IKE policy name, set
by the string of up to 31
characters.
7 Specify the authentication mode. esr(config-ike- policy)#
authentication method
<METHOD>
<METHOD> – key authentication
method. May take the following
values:
xauth-psk-key – two-
factor authentication
method using a login-
password pair and
previously obtained
encryption keys.
8 Set the client mode (only for client). esr(config-ike- policy)#
authentication mode client
9 Specify the lifetime of IKE protocol
connection (optional).
esr(config-ike- policy)# lifetime
seconds <SEC>
<SEC> – time interval, takes
values of [4..86400] seconds.
Default value: 3600
10 Bind the policy to profile. esr(config-ike-policy)# proposal
<NAME>
<NAME> – IKE protocol name,
set by the string of up to 31
characters.
11 Specify authentication key. esr(config-ike-policy)#pre-
shared-key ascii-text <TEXT>
<TEXT> – string [1..64] ASCII
characters.
12 Create an access profile. esr(config)# access profile
<NAME>
<NAME> – access profile name,
set by the string of up to 31
characters.
13 Create user name. esr(config-access-profile)# user
<LOGIN>
<LOGIN> – login for client, set by
the string of up to 31 characters.
To Next Page
Loading...