Table of Contents
Advertisement
Virtual Private Networks (VPN)
4. (Optional) Set the tunnel to use UDP encapsulation even when it does not detect that NAT is
being used:
(config vpn ipsec tunnel ipsec_example)> force_udp_encap true
(config vpn ipsec tunnel ipsec_example)>
5. Set the firewall zone for the IPsec tunnel. Generally this should be left at the default of ipsec.
(config vpn ipsec tunnel ipsec_example)> zone zone
(config vpn ipsec tunnel ipsec_example)>
To view a list of available zones:
(config vpn ipsec tunnel ipsec_example)> zone ?
Zone: The firewall zone assigned to this IPsec tunnel. This can be used
by packet filtering rules
and access control lists to restrict network traffic on this tunnel.
Format:
any
dynamic_routes
edge
external
internal
ipsec
loopback
setup
Default value: ipsec
Current value: ipsec
(config vpn ipsec tunnel ipsec_example)>
Note
Depending on your network configuration, you may need to add a packet filtering rule to
allow incoming traffic. For example, for the IPsec zone:
a. Type ... to move to the root of the configuration:
(config vpn ipsec tunnel ipsec_example)> ...
(config)>
b. Add a packet filter:
(config)> add firewall filter end
(config firewall filter 2)>
c. Set the label to Allow incoming IPsec traffic:
(config config firewall filter 2)> label "Allow incoming IPsec
traffic"
(config firewall filter 2)>
IX10 User Guide
IPsec
267
Advertisement
Table of Contents
