ELTEX ESR Series - Page 189

To Next Page

To Previous Page

ESR-Series. User manual

189

•

IKE:

Diffie-Hellman group: 2;

encryption algorithm: AES 128 bit;

authentication algorithm: MD5.

IPSEC:

encryption algorithm: AES 128 bit;

authentication algorithm: MD5.

Solution:

R1 configuration

Configure external network interface and identify its inherence to a security zone:

esr# configure

esr(config)# interface gigabitethernet 1/0/1

esr(config-if-gi)# ip address 198.51.100.1/24

esr(config-if-gi)# security-zone untrusted

esr(config-if-gi)# exit

To configure security zones rules, you should create ISAKMP port profile:

esr(config)# object-group service ISAKMP

esr(config-object-group-service)# port-range 500

esr(config-object-group-service)# exit

Create IKE protocol profile. Select Diffie-Hellman group 2, AES 128 bit encryption algorithm and MD5

authentication algorithm in the profile. The given security parameters are used for IKE connection

protection:

esr(config)# security ike proposal ike_prop1

esr(config-ike-proposal)# dh-group 2

esr(config-ike-proposal)# authentication algorithm md5

esr(config-ike-proposal)# encryption algorithm aes128

esr(config-ike-proposal)# exit

Create IKE protocol policy. For the policy, specify the list of IKE protocol profiles that may be used for

node and authentication key negotiation:

esr(config)# security ike policy ike_pol1

esr(config-ike-policy)# pre-shared-key hexadecimal 123FFF

esr(config-ike-policy)# proposal ike_prop1

esr(config-ike-policy)# exit

Related product manuals