EasyManua.ls Logo

GE MDS ORBIT ECR - Page 427

GE MDS ORBIT ECR
463 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
MDS 05-6632A01, Rev. F MDS Orbit MCR/ECR Technical Manual 427
# Ensure that the MTU configured on WAN interface of IOS router matches the cell interface MTU
(default=1428).
set interfaces interface Cell type cellular
set interfaces interface Cell enabled true
# Disable default route over Cell interface
set interfaces interface Cell ipv4 dhcp request-routers false
set interfaces interface Cell ipv4 dhcp point-to-point-connection true
set interfaces interface Cell filter input IN_UNTRUSTED
set interfaces interface Cell filter output OUT_UNTRUSTED
set interfaces interface Cell cell-config connection-profile PROFILE-1 bearer-config apn <CUSTOMER-APN>
# IKE/IPsec Configuration
set services vpn enabled true
set services vpn ike policy DMVPN-CERT version ikev2
set services vpn ike policy DMVPN-CERT auth-method pub-key
set services vpn ike policy DMVPN-CERT pki cert-type rsa
# Client certificate is installed as ID1
set services vpn ike policy DMVPN-CERT pki cert-id ID1
# Client private key pair is generated as ID1
set services vpn ike policy DMVPN-CERT pki key-id ID1
# Root CA certificayte is installed as CA1
set services vpn ike policy DMVPN-CERT pki ca-cert-id CA1
# Sub CA certificates are installed as SUBCA1 and SUBCA2.
set services vpn ike policy DMVPN-CERT pki sub-ca-cert-ids [SUBCA1 SUBCA2 ]
set services vpn ike policy DMVPN-CERT ciphersuite CS1 encryption-algo aes256-cbc
set services vpn ike policy DMVPN-CERT ciphersuite CS1 mac-algo sha1-hmac
set services vpn ike policy DMVPN-CERT ciphersuite CS1 dh-group dh5
set services vpn ike peer DMVPN ike-policy DMVPN-CERT
set services vpn ike peer DMVPN peer-endpoint any
set services vpn ike peer DMVPN role responder
set services vpn ipsec policy DMVPN ciphersuite CS1 encryption-algo aes256-cbc
set services vpn ipsec policy DMVPN ciphersuite CS1 mac-algo sha1-hmac
set services vpn ipsec connection DMVPN ike-peer DMVPN
set services vpn ipsec connection DMVPN ipsec-policy DMVPN
set services vpn ipsec connection DMVPN host-to-host
set services vpn ipsec connection DMVPN filter input IN_TRUSTED
set services vpn ipsec connection DMVPN filter output OUT_TRUSTED
# Multipoint GRE tunnel configuration
set interfaces interface GRE1 type gre

Table of Contents

Related product manuals