Configuring IPSec VPN
Prerequisites
As a prerequisite to configuring IPSec VPN, a valid VPN license must be installed on the G250/
G350. For details, see
IPSec VPN configuration overview
To configure a site-to-site IPSec VPN, two devices (the G250/G350 and a peer Gateway) must
be configured symmetrically.
Configuring IPSec VPN consists of the following steps:
1.
Coordinating with the VPN
2.
Configuring ISAKMP
3.
Configuring
4.
Configuring ISAKMP peer
5.
Configuring an ISAKMP peer-group.
6.
Configuring crypto
7.
Configuring
8.
Configuring and assigning an access control
9.
Configuring global
10.
Assigning a crypto-list to an
Note:
In the following sections, all IPSec VPN parameters that you must configure are
Note:
indicated as mandatory parameters. Non-mandatory VPN parameters have default
values that are used unless otherwise set. Thus for example, although it is
mandatory to define at least one ISAKMP policy, it is not mandatory to set the values
for that ISAKMP policy since the G250/G350 contains default ISAKMP policy
settings.
Installing the VPN license file
peer.
policies.
transform-sets.
information.
maps.
crypto-lists.
parameters.
interface.
Configuring a site-to-site IPSec VPN
on page 366.
list.
Issue 1.1 June 2005
367