Motorola WS5100 Series Migration Guide page 192

11-34 WS5100 Series Switch Migration Guide
The site-to-site VPN allows branch office mobility controllers to connect back to the central office using a
secure, encrypted tunnel for all site-to-site traffic. This allows a wired LAN in the branch office to be bridged
directly to the central site while maintaining full security.
The use case described above requires configuring two WS5100 switches. It can be configured with the
following CLI commands:
1. Configuration required on WS5100 Switch 1:
   a. Create an extended ACL. This is used to define the tunnel used by the traffic.
      WS5100(config)#access-list 150 permit ip 12.1.1.0/24 13.1.1.0/24 rule-precedence
   b. Create and configure the ISAKMP parameters.
      WS5100(config)#crypto isakmp keepalive 10
      WS5100(config)#crypto isakmp key SYMBOLAD address 15.1.1.20
      WS5100(config)#crypto ipsec security-association lifetime kilobytes 4608000
   c. Create and configure ISAKMP policy.
      WS5100(config)#crypto isakmp policy 199
      WS5100(config-crypto-isakmp)#encryption aes
      WS5100(config-crypto-isakmp)#hash sha
      WS5100(config-crypto-isakmp)#authentication pre-share
      WS5100(config-crypto-isakmp)#group 5
      WS5100(config-crypto-isakmp)#lifetime 9496
   d. Create and configure IPSec transform set.
      WS5100(config)#crypto ipsec transform-set TFSET ah-sha-hmac esp-aes
      WS5100(config-crypto-ipsec)#mode tunnel
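
An added example, not part of the Motorola guide: a short Python check that reads the ISAKMP and IPSec commands from steps b through d and reports the settings a reviewer would question before reusing them. The thresholds (2048-bit DH minimum, 20-character key minimum), the reading of `sha` as SHA-1 and the `md5` keyword are assumptions of this example.

```python
import re

# Constructed input: the Switch 1 commands shown on this page, prompts removed.
SAMPLE = """\
crypto isakmp keepalive 10
crypto isakmp key SYMBOLAD address 15.1.1.20
crypto isakmp policy 199
encryption aes
hash sha
authentication pre-share
group 5
lifetime 9496
crypto ipsec transform-set TFSET ah-sha-hmac esp-aes
mode tunnel
"""

MODP_BITS = {"1": 768, "2": 1024, "5": 1536, "14": 2048}  # RFC 2409 / RFC 3526
MIN_DH_BITS = 2048             # assumed review threshold, not from the guide
MIN_PSK_LEN = 20               # assumed review threshold, not from the guide
LEGACY_HASHES = {"sha", "md5"}  # assumed: 'sha' means SHA-1; 'md5' keyword assumed

def audit(config):
    """Return a list of (line_number, finding) for the IKE/IPsec commands."""
    findings = []
    for n, raw in enumerate(config.splitlines(), 1):
        line = raw.split("#", 1)[-1].strip()  # tolerate 'WS5100(config)#' prompts
        m = re.match(r"crypto isakmp key (\S+) address (\S+)$", line)
        if m and len(m.group(1)) < MIN_PSK_LEN:
            # Report length and peer only; never echo the key itself.
            findings.append((n, f"pre-shared key for peer {m.group(2)} has only "
                                f"{len(m.group(1))} characters"))
        m = re.match(r"group (\d+)$", line)
        if m and m.group(1) in MODP_BITS and MODP_BITS[m.group(1)] < MIN_DH_BITS:
            findings.append((n, f"DH group {m.group(1)} is "
                                f"{MODP_BITS[m.group(1)]}-bit MODP, below {MIN_DH_BITS}"))
        m = re.match(r"hash (\S+)$", line)
        if m and m.group(1) in LEGACY_HASHES:
            findings.append((n, f"IKE hash '{m.group(1)}' is a legacy algorithm"))
        m = re.match(r"crypto ipsec transform-set (\S+) (.+)$", line)
        if m and any(t.startswith("ah-") for t in m.group(2).split()):
            findings.append((n, f"transform set {m.group(1)} uses AH, which "
                                "does not survive NAT between the peers"))
    return findings

if __name__ == "__main__":
    for n, finding in audit(SAMPLE):
        print(f"line {n}: {finding}")
```
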
