EasyManuals Logo

GE MDS ORBIT ECR User Manual

GE MDS ORBIT ECR
463 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #425 background imageLoading...
Page #425 background image
MDS 05-6632A01, Rev. F MDS Orbit MCR/ECR Technical Manual 425
# Security zone configuration
set security zones security-zone TRUST address-book address LOCAL-NET-1 192.168.2.0/24
set security zones security-zone TRUST host-inbound-traffic system-services all
set security zones security-zone TRUST interfaces vlan.0
set security zones security-zone UNTRUST address-book address ORBIT138-NET-1 192.168.1.0/24
set security zones security-zone UNTRUST host-inbound-traffic system-services ike
set security zones security-zone UNTRUST host-inbound-traffic system-services ping
set security zones security-zone UNTRUST host-inbound-traffic system-services ntp
set security zones security-zone UNTRUST interfaces ge-0/0/0.0
# Security policies
set security policies from-zone TRUST to-zone UNTRUST policy ORBIT138-NET-1-SA match source-address
LOCAL-NET-1
set security policies from-zone TRUST to-zone UNTRUST policy ORBIT138-NET-1-SA match destination-
address ORBIT138-NET-1
set security policies from-zone TRUST to-zone UNTRUST policy ORBIT138-NET-1-SA match application any
set security policies from-zone TRUST to-zone UNTRUST policy ORBIT138-NET-1-SA then permit tunnel
ipsec-vpn ORBIT138
set security policies from-zone UNTRUST to-zone TRUST policy ORBIT138-NET-1-SA match source-address
ORBIT138-NET-1
set security policies from-zone UNTRUST to-zone TRUST policy ORBIT138-NET-1-SA match destination-
address LOCAL-NET-1
set security policies from-zone UNTRUST to-zone TRUST policy ORBIT138-NET-1-SA match application any
set security policies from-zone UNTRUST to-zone TRUST policy ORBIT138-NET-1-SA then permit tunnel
ipsec-vpn ORBIT138
12.1.2.2 Status
> show security ike security-associations
Index State Initiator cookie Responder cookie Mode Remote Address
1948863 UP 95c139a87c9cae6f 71d0c3a14c8d5663 IKEv2 172.18.175.138
> show security ipsec security-associations
Total active tunnels: 1
ID Algorithm SPI Life:sec/kb Mon vsys Port Gateway
<131074 ESP:aes-128/sha256 ef7c6bd3 3522/ unlim - root 500 172.18.175.138
>131074 ESP:aes-128/sha256 c4bfce67 3522/ unlim - root 500 172.18.175.138
12.2 DMVPN with Cisco IOS
In this example we describe a sample configuration for a DMVPN between Orbit MCR (2E1S) and Cisco
ISR 1941 router with IKEv2 public-key based authentication using RSA certificates generated from 3-tier

Table of Contents

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the GE MDS ORBIT ECR and is the answer not in the manual?

GE MDS ORBIT ECR Specifications

General IconGeneral
BrandGE
ModelMDS ORBIT ECR
CategoryNetwork Router
LanguageEnglish

Related product manuals