ELTEX ESR-3100 - Page 183

To Next Page

To Previous Page

ESR series service routers.ESR-Series. User manual

183

Map IPsec to the GRE tunnel, in order to be able to establish an encrypted connection with the server

and with other network clients:

esr(config)# tunnel gre 1

esr(config-gre)# ip nhrp ipsec ipsec_hub static

esr(config-gre)# ip nhrp ipsec ipsec_spoke dynamic

esr(config-gre)# exit

To view the NHRP records status, use the following command.

esr# show ip nhrp

Additionally, in the security zone-pair untrusted self, the protocols for the GRE over IPSec tunnel must be

allowed.

esr(config)# object-group service ISAKMP_PORT

esr(config-object-group-service)# port-range 500

esr(config-object-group-service)# poRt-range 4500

esr(config-object-group-service)# exit

esr(config)# security zone-pair untrusted self

esr(config-zone-pair)# rule 1

esr(config-zone-pair-rule)# action permit

esr(config-zone-pair-rule)# match protocol udp

esr(config-zone-pair-rule)# match destination-port ISAKMP_PORT

esr(config-zone-pair-rule)# enable

esr(config-zone-pair-rule)# exit

esr(config-zone-pair)# rule 2

esr(config-zone-pair-rule)# action permit

esr(config-zone-pair-rule)# match protocol gre

esr(config-zone-pair-rule)# enable

esr(config-zone-pair-rule)# exit

esr(config-zone-pair)# rule 3

esr(config-zone-pair-rule)# action permit

esr(config-zone-pair-rule)# match protocol esp

esr(config-zone-pair-rule)# enable

esr(config-zone-pair-rule)# exit

esr(config-zone-pair)# rule 4

esr(config-zone-pair-rule)# action permit

esr(config-zone-pair-rule)# match protocol ah

esr(config-zone-pair-rule)# enable

esr(config-zone-pair-rule)# exit

esr(config-zone-pair)# exit

Related product manuals