Virtual Private Networks (VPN)
6. Set the firewall zone for the IPsec tunnel. Generally this should be left at the default of ipsec.
(config vpn ipsec tunnel ipsec_example)> zone zone
(config vpn ipsec tunnel ipsec_example)>
To view a list of available zones:
(config vpn ipsec tunnel ipsec_example)> zone ?
Zone: The firewall zone assigned to this IPsec tunnel. This can be used by
packet filtering rules
and access control lists to restrict network traffic on this tunnel.
Format:
any
dynamic_routes
edge
external
hotspot
internal
ipsec
loopback
setup
Default value: ipsec
Current value: ipsec
(config vpn ipsec tunnel ipsec_example)>
7. Set the mode:
(config vpn ipsec tunnel ipsec_example)> mode mode
(config vpn ipsec tunnel ipsec_example)>
where mode is either:
tunnel: The entire IP packet is encrypted and/or authenticated and then encapsulated
n
as the payload in a new IP packet.
transport: Only the payload of the IP packet is encrypted and/or authenticated. The IP
n
header is unencrypted.
The default is tunnel.
8. Set the protocol:
(config vpn ipsec tunnel ipsec_example)> type protocol
(config vpn ipsec tunnel ipsec_example)>
where protocol is either:
esp (Encapsulating Security Payload): Provides encryption as well as authentication and
n
integrity.
ah (Authentication Header): Provides authentication and integrity only.
n
The default is esp.
TX54 User Guide
IPsec
301