Ipsec Tunnel Interface; Before You Configure Ipsec Tunnel Interface - Alcatel-Lucent OmniAccess 700 Cli Configuration Manual

Release versions: 2.2, 2.2-r02, 2.3

Hide thumbs Also See for OmniAccess 700:

Table of Contents

Alcatel-Lucent provides support for IPsec in a tunnel mode with encryption,

intended for secure site-to-site communications over an untrusted network.

Currently IPsec can be configured through a crypto map and applied to a

interface.In addition, IPsec as a tunnel interface is required so that,

Pre, post encryption or decryption policies for QoS, Filters, and ACL can be

Traffic classifier will be routed based rather than policy based, which means that

routing can control what traffic needs to be secure.

Tunnel fail over can be handled by having traffic routed through another tunnel

Allows to run dynamic routing protocols over the tunnel.

Here are a few guidelines that you need to pay attention to when configuring the

OA-700 for the IPsec Tunnel interface.

1. Routing setup must be in ordinance.

2. The interface must be a configurable interface, i.e., associated with an IP address.

3. Tunnel endpoints (source and destination) should be specified. The source

address could be a configured IP address or another interface address (thus

deriving its IP address). The destination address is the address of the peer with

which IKE negotiation will take place.

4. Parameters required in tunnel negotiation should be configured. These

parameters are IPsec transform set, IKE policy, SA lifetime, PFS, and IKE Identity.

CLI Configuration Guide

Alcatel-Lucent

Except on the first page, right running head:

Heading1 or Heading1NewPage text (automatic)

IPsec Tunnel Interface