ESR series service routers.ESR-Series. User manual
2.
Create IPsec VPN. For VPN, specify IKE protocol gateway, IPsec tunnel policy, key exchange mode and
connection establishment method. When all parameters are entered, enable tunnel using the enable
command.
esr(config)# security ipsec vpn ipsec1
esr(config-ipsec-vpn)# mode ike
esr(config-ipsec-vpn)# ike establish-tunnel route
esr(config-ipsec-vpn)# ike gateway ike_gw1
esr(config-ipsec-vpn)# ike ipsec-policy ipsec_pol1
esr(config-ipsec-vpn)# enable
esr(config-ipsec-vpn)# exit
esr(config)# exit
R2 configuration
Configure external network interface and identify its inherence to a security zone:
esr# configure
esr(config)# interface gi 1/0/1
esr(config-if)# ip address 120.11.5.1/24
esr(config-if)# security-zone untrusted
esr(config-if)# exit
Create VTI tunnel. Traffic will be routed via VTI into IPsec tunnel. Specify IP addresses of WAN border
interfaces as local and remote gateways:
esr(config)# tunnel vti 1
esr(config-vti)# remote address 180.100.0.1
esr(config-vti)# local address 120.11.5.1
esr(config-vti)# enable
esr(config-vti)# exit
To configure security zones rules, create ISAKMP port profile:
esr(config)# object-group service ISAKMP
esr(config-object-group-service)# port-range 500
esr(config-object-group-service)# exit
Create a static route to the remote LAN. For each subnet located beyond the IPsec tunnel, specify a
route via VTI tunnel:
esr(config)# ip route 10.0.0.0/16 tunnel vti 1
Create IKE protocol profile. Select Diffie-Hellman group 2, AES 128 bit encryption algorithm and MD5
authentication algorithm in the profile. The given security parameters are used for IKE connection
protection:
esr(config)# security ike proposal ike_prop1
esr(config-ike-proposal)# dh-group 2
esr(config-ike-proposal)# authentication algorithm md5
esr(config-ike-proposal)# encryption algorithm aes128
esr(config-ike-proposal)# exit
esr(config)#
To Next Page
Loading...
Need help?
General
