To view sent and received packet counters, use the following command:
esr# show tunnels counters l2tpv3 333
To view the tunnel configuration, use the following command:
esr# show tunnels configuration l2tpv3 333
9.4 IPsec VPN configuration
IPsec is a set of protocols that enable security features for data transferred via IP protocol. This set of
protocols allows for identity validation (authentication), IP packet integrity check and encryption, and also
includes protocols for secure key exchange over the Internet.
9.4.1 Route-based IPsec VPN configuration algorithm
Step Description Command Keys
1 Create a VTI tunnel and switch to its
configuration mode.
esr(config)# tunnel vti <TUN> <TUN> – device tunnel name.
2 Specify the local IP address of the VTI
tunnel.
esr(config-vti)#local address
<ADDR>
<ADDR> – IP address of a local
gateway.
3 Specify the remote IP address of the
VTI tunnel.
esr(config-vti)#remote address
<ADDR>
<ADDR> – IP address of a
remote gateway.
4 Specify the IP address of the VTI tunnel
local side.
esr(config-vti)# ip address <ADDR/
LEN>
<ADDR/LEN> – IP address and
prefix of a subnet, defined as
AAA.BBB.CCC.DDD/EE where
each part AAA-DDD takes
values of [0..255] and EE takes
values of [1..32].
5 Include the VTI tunnel in a security zone
and configure interaction rules between
zones or disable firewall for VTI tunnel.
esr(config-vti)# security-
zone<NAME>
<NAME> – security zone name,
set by the string of up to 12
characters.
esr(config-vti)# ip firewall disable
6 Enable the tunnel. esr(config-vti)#enable
7 Create an IKE profile and switch to its
configuration mode.
esr(config)# security ike proposal
<NAME>
<NAME> – IKE protocol name,
set by the string of up to 31
characters.
In addition to tunnel creation, you should enable UDP inbound traffic in the firewall with source port
519 and destination port 519.
To Next Page
Loading...
Need help?
General
