Virtual Private Networks
Configuring a VPN Using IPSec
[Figure: Site A and Site B, with routers 10.10.10.1 and 10.10.10.2, connected across the Internet; LAN1 192.168.1.0/24 and LAN2 192.168.2.0/24. Two manually keyed security associations are labeled: SPI 2222 (encryption: 1234..., authentication: 1212...) and SPI 1111 (encryption: 9876..., authentication: 2121...).]
Figure 10-13. Example VPN Configuration with Manual Keying
Example Configuration
Figure 10-13 shows Site A and Site B, whose LANs need to connect through
the Internet. Site A's inbound key and SPI match Site B's outbound key and
SPI and vice versa. The following are the configurations for Router A:
ProCurve(config)# ip crypto
ProCurve(config)# ip access-list extended VPNTraffic
ProCurve(config-ext-nacl)# permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
ProCurve(config-ext-nacl)# exit
ProCurve(config)# crypto ipsec transform-set T1 esp-3des esp-md5-hmac
ProCurve(config)# crypto map VPN 0 ipsec-manual
ProCurve(config-crypto-map)# set transform-set T1
ProCurve(config-crypto-map)# set session-key outbound esp 2222 cipher 123456789876543212345678 authenticator 2121212121212121
ProCurve(config-crypto-map)# set session-key inbound esp 1111 cipher 987654321234567898765432 authenticator 1212121212121212
ProCurve(config-crypto-map)# exit
ProCurve(config)# int ppp 1
ProCurve(config-ppp 1)# crypto map VPN
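
An added example, not part of the original manual: a Python check that two manually keyed peers mirror each other as the text requires (one side's outbound SPI and keys equal the other side's inbound, with the access list reversed). The Router B configuration and all function names are constructed for illustration.

```python
import re

# Router A's access-list, transform-set and session-key commands from the page.
ROUTER_A = """
ip access-list extended VPNTraffic
permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
crypto ipsec transform-set T1 esp-3des esp-md5-hmac
set session-key outbound esp 2222 cipher 123456789876543212345678 authenticator 2121212121212121
set session-key inbound esp 1111 cipher 987654321234567898765432 authenticator 1212121212121212
"""

# Constructed for this example: the mirror-image configuration for Router B.
ROUTER_B = """
ip access-list extended VPNTraffic
permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
crypto ipsec transform-set T1 esp-3des esp-md5-hmac
set session-key outbound esp 1111 cipher 987654321234567898765432 authenticator 1212121212121212
set session-key inbound esp 2222 cipher 123456789876543212345678 authenticator 2121212121212121
"""

KEY_RE = re.compile(r"set session-key (inbound|outbound) esp (\d+) cipher (\S+) authenticator (\S+)")
ACL_RE = re.compile(r"permit ip (\S+ \S+) (\S+ \S+)")
TS_RE = re.compile(r"crypto ipsec transform-set \S+ (.+)")

def parse(config):
    """Extract the SA for each direction, the traffic selector and the transforms."""
    sas = {m[1]: (int(m[2]), m[3], m[4]) for m in KEY_RE.finditer(config)}
    acl = ACL_RE.search(config)
    ts = TS_RE.search(config)
    return {"sa": sas, "selector": (acl[1], acl[2]), "transforms": ts[1].split()}

def check_peers(cfg_a, cfg_b):
    """Return a list of mismatches between two manually keyed peers (empty if none)."""
    a, b = parse(cfg_a), parse(cfg_b)
    problems = []
    for ours, theirs in (("outbound", "inbound"), ("inbound", "outbound")):
        sa_a, sa_b = a["sa"].get(ours), b["sa"].get(theirs)
        if sa_a is None or sa_b is None:
            problems.append(f"missing SA: A {ours} / B {theirs}")
            continue
        # Report which field differs, never the key material itself.
        for field, x, y in zip(("SPI", "cipher key", "authenticator key"), sa_a, sa_b):
            if x != y:
                problems.append(f"A {ours} {field} != B {theirs} {field}")
    if a["selector"] != b["selector"][::-1]:
        problems.append("access lists are not mirror images")
    if a["transforms"] != b["transforms"]:
        problems.append("transform sets differ")
    return problems
```

`check_peers(ROUTER_A, ROUTER_B)` returns an empty list for a correctly mirrored pair; pasting Router A's commands onto both routers unchanged produces a mismatch for every SPI and key plus the access list.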