ESR series service routers.ESR-Series. User manual
•
•
To view the tunnel configuration, use the following command:
esr# show security ipsec vpn configuration ipsec1
9.4.3 Policy-based IPsec VPN configuration algorithm
Step Description Command Keys
1 Create an IKE instance and switch to its
configuration mode.
esr(config)# security ike proposal
<NAME>
<NAME> – IKE protocol name,
set by the string of up to 31
characters.
2 Specify the description of the
configured tunnel (optional).
esr(config-ike-proposal)#
description<DESCRIPTION>
<DESCRIPTION> – tunnel
description, set by the string of
up to 255 characters.
3 Specify IKE authentication algorithm. esr(config-ike-proposal)#
authentication algorithm
<ALGORITHM>
<ALGORITHM> –
authentication algorithm, takes
values of: md5, sha1, sha2-256,
sha2‑384, sha2-512.
4 Specify IKE encryption algorithm. esr(config-ike-proposal)#
encryption algorithm
<ALGORITHM>
<ALGORITHM> – encryption
protocol, takes the following
values: des, 3des, blowfish128,
blowfish192, blowfish256,
aes128, aes192, aes256,
aes128ctr, aes192ctr,
aes256ctr, camellia128,
camellia192, camellia256.
5 Define Diffie-Hellman group number. esr(config-ike-proposal)# dh-group
<DH-GROUP>
<DH-GROUP> – Diffie-Hellman
group number, takes values of
[1, 2, 5, 14, 15, 16, 17, 18].
6 Specify the authentication mode. esr(config-ike-proposal)#
authentication method <METHOD>
<METHOD> – key
authentication method. May
take the following values:
pre-shared-key –
authentication method
using pre-received
encryption keys;
rsa-public-key –
authentication method
using RSA certificate.
7 Create an IKE profile policy and switch
to its configuration mode.
esr(config)# security ike policy
<NAME>
<NAME> – IKE policy name, set
by the string of up to 31
characters.
Enable ESP and ISAKMP protocol (UDP port 500) in the firewall.
To Next Page
Loading...