MDS 05-6632A01, Rev. F MDS Orbit MCR/ECR Technical Manual 249
Figure 3-166. VPN Setup Example
The remote Ethernet device is connected to the Orbit via Ethernet on 192.168.1.0/24 network. The device
establishes a IPsec tunnel with IPsec VPN gateway, thereby securely connecting remote private network
(192.168.1.0/24) with back-office private network (192.168.2.0/24). This allows PC (192.168.2.2) to
communicate with remote Ethernet device (192.168.1.2) using any TCP/UDP/IP based protocol and vice
versa.
Following are the high level configuration steps involved in IPsec configuration:
Configure an IKE policy specifying an authentication method, cipher suites to be included the 6.
proposal during IKE phase-1 and the credentials to be used for authentication, e.g.; certificates or
pre-shared keys.
Configure an IKE peer specifying the peer endpoint address and IKE policy to be used for IKE 7.
phase-1 negotiation. The “role” specifies whether Orbit initiates the connection (initiator) or it waits
for the connection from the peer (responder). This should usually be set to “initiator”.
Configure an IPsec policy specifying ESP cipher suites to be included in the proposal during IKE 8.
phase-2.
Configure an IPsec connection specifying IKE peer, IPsec policy and local and remote private IP 9.
subnets.
NOTE The above configuration parameters should match with the corresponding parameters set in the
peer. Otherwise, the IPsec tunnel will not succeed. Typical configuration mistakes include
incorrect security credentials (psk or certificates/keys), mismatched cipher suite configuration
and mismatched local and remote subnet configuration.
Example
The following example describes the step-by-step VPN configuration for the example network shown in
figure above. We'll assume that certificates are being used as security credentials and have already been
loaded in the Orbit either manually or via SCEP.
Configuration of the example above is possible via the Web UI's VPN Setup Wizard, or the CLI. Both
procedures are shown below.
To Next Page
Loading...
Need help?
General
