Table of Contents
Advertisement
% set services vpn ike peer REMOTE-2_ike_peer peer-identity default
% set services vpn ike peer REMOTE-2_ike_peer role responder
% set services vpn ipsec policy REMOTE-2_ipsec_policy ciphersuite ipsec_policy_cipher0
% set services vpn ipsec policy REMOTE-2_ipsec_policy life-time 60
% set services vpn ipsec connection REMOTE-2 ike-peer REMOTE-2_ike_peer
% set services vpn ipsec connection REMOTE-2 ipsec-policy REMOTE-2_ipsec_policy
% set services vpn ipsec connection REMOTE-2 host-to-host
% set services vpn ipsec connection REMOTE-2 filter input IN_TRUSTED
% set services vpn ipsec connection REMOTE-2 filter output OUT_TRUSTED
Configure GRE tunnel interfaces in ethernet-over-gre mode
% set interfaces interface GRE-REMOTE-1 type gre
% set interfaces interface GRE-REMOTE-1 gre-config mode ethernet-over-gre
% set interfaces interface GRE-REMOTE-1 gre-config src-address 10.150.1.1
% set interfaces interface GRE-REMOTE-1 gre-config dst-address 10.150.1.10
% set interfaces interface GRE-REMOTE-2 type gre
% set interfaces interface GRE-REMOTE-2 gre-config mode ethernet-over-gre
% set interfaces interface GRE-REMOTE-2 gre-config src-address 10.150.1.1
% set interfaces interface GRE-REMOTE-2 gre-config dst-address 10.150.1.20
Add the GRE tunnel interfaces to the bridge and disable STP on the bridge
% set interfaces interface Bridge bridge-settings members port GRE-REMOTE-1
% set interfaces interface Bridge bridge-settings members port GRE-REMOTE-2
% set interfaces interface Bridge bridge-settings stp-mode disabled
REMOTE#1 Configuration
Configure IPsec tunnel
% set services vpn enabled true
% set services vpn ike policy AP_ike_policy auth-method pre-shared-key
% set services vpn ike policy AP_ike_policy pre-shared-key remote1
% set services vpn ike policy AP_ike_policy ciphersuite ike_policy_cipher0
% set services vpn ike policy AP_ike_policy life-time 180
% set services vpn ike policy AP_ike_policy reauth true
% set services vpn ike peer AP_ike_peer ike-policy AP_ike_policy
% set services vpn ike peer AP_ike_peer local-endpoint address 10.150.1.10
% set services vpn ike peer AP_ike_peer local-identity default
% set services vpn ike peer AP_ike_peer peer-endpoint address 10.150.1.1
% set services vpn ike peer AP_ike_peer peer-identity default
% set services vpn ike peer AP_ike_peer role initiator
% set services vpn ike peer AP_ike_peer initiator-mode on-demand
% set services vpn ipsec policy AP_ipsec_policy ciphersuite ipsec_policy_cipher0
% set services vpn ipsec policy AP_ipsec_policy life-time 60
% set services vpn ipsec connection AP ike-peer AP_ike_peer
% set services vpn ipsec connection AP ipsec-policy AP_ipsec_policy
% set services vpn ipsec connection AP host-to-host
% set services vpn ipsec connection AP filter input IN_TRUSTED
% set services vpn ipsec connection AP filter output OUT_TRUSTED
Configure GRE tunnel interface
% set interfaces interface GRE-AP type gre
% set interfaces interface GRE-AP gre-config mode ethernet-over-gre
340
MDS Orbit MCR/ECR Technical Manual
MDS 05-6632A01, Rev. F
Advertisement
Table of Contents
Troubleshooting
