MDS 05-6632A01, Rev. F MDS Orbit MCR/ECR Technical Manual 339
Above NETMON configuration assumes AP’s bridge interface IP address is 192.168.1.4.
NOTE Since the AP and REMOTEs are now part of a single layer-2 network, the bridge interfaces
need to be assigned distinct IP addresses.
Using the CLI
Configurable IPsec tunnel (a pre-shared-key based example shown below) from REMOTE to AP. It is
assumed that REMOTE-1’s cell IP address is 10.150.1.10, REMOTE-2’s cell IP address is 10.150.1.20
and AP’s cell IP address is 10.150.1.1.
AP Configuration
Configure IPsec transport mode connections
% set services vpn enabled true
% set services vpn ike policy REMOTE-1_ike_policy auth-method pre-shared-key
% set services vpn ike policy REMOTE-1_ike_policy pre-shared-key remote1
% set services vpn ike policy REMOTE-1_ike_policy ciphersuite ike_policy_cipher0
% set services vpn ike policy REMOTE-1_ike_policy life-time 180
% set services vpn ike peer REMOTE-1_ike_peer ike-policy REMOTE-1_ike_policy
% set services vpn ike peer REMOTE-1_ike_peer local-endpoint address 10.150.1.1
% set services vpn ike peer REMOTE-1_ike_peer local-identity default
% set services vpn ike peer REMOTE-1_ike_peer peer-endpoint address 10.150.1.10
% set services vpn ike peer REMOTE-1_ike_peer peer-identity default
% set services vpn ike peer REMOTE-2_ike_peer role responder
% set services vpn ipsec policy REMOTE-1_ipsec_policy ciphersuite ipsec_policy_cipher0
% set services vpn ipsec policy REMOTE-1_ipsec_policy life-time 60
% set services vpn ipsec connection REMOTE-1 ike-peer REMOTE-1_ike_peer
% set services vpn ipsec connection REMOTE-1 ipsec-policy REMOTE-1_ipsec_policy
% set services vpn ipsec connection REMOTE-1 host-to-host
% set services vpn ipsec connection REMOTE-1 filter input IN_TRUSTED
% set services vpn ipsec connection REMOTE-1 filter output OUT_TRUSTED
% set services vpn ike policy REMOTE-2_ike_policy auth-method pre-shared-key
% set services vpn ike policy REMOTE-2_ike_policy pre-shared-key remote2
% set services vpn ike policy REMOTE-2_ike_policy ciphersuite ike_policy_cipher0
% set services vpn ike policy REMOTE-2_ike_policy life-time 180
% set services vpn ike peer REMOTE-2_ike_peer ike-policy REMOTE-2_ike_policy
% set services vpn ike peer REMOTE-2_ike_peer local-endpoint address 10.150.1.1
% set services vpn ike peer REMOTE-2_ike_peer local-identity default
% set services vpn ike peer REMOTE-2_ike_peer peer-endpoint address 10.150.1.20
To Next Page
Loading...
