Table of Contents
Advertisement
Virtual Private Networks (VPN)
d. Set the source zone to ipsec:
(config config firewall filter 2)> src_zone ipsec
(config firewall filter 2)>
6. Set the metric for the IPsec tunnel. When more than one active route matches a destination,
the route with the lowest metric is used. The metric can also be used in tandem with SureLink
to configure IPsec failover behavior. See
(config vpn ipsec tunnel ipsec_example)> metric value
(config vpn ipsec tunnel ipsec_example)>
where value is any integer between 0 and 65535.
7. Set the mode:
(config vpn ipsec tunnel ipsec_example)> mode mode
(config vpn ipsec tunnel ipsec_example)>
where mode is either:
tunnel: The entire IP packet is encrypted and/or authenticated and then encapsulated
n
as the payload in a new IP packet.
transport: Only the payload of the IP packet is encrypted and/or authenticated. The IP
n
header is unencrypted.
The default is tunnel.
8. Set the protocol:
(config vpn ipsec tunnel ipsec_example)> type protocol
(config vpn ipsec tunnel ipsec_example)>
where protocol is either:
esp (Encapsulating Security Payload): Provides encryption as well as authentication
n
and integrity.
ah (Authentication Header): Provides authentication and integrity only.
n
The default is esp.
9. (Optional) Set the management priority for this IPsec tunnel:
(config vpn ipsec tunnel ipsec_example)> mgmt value
(config vpn ipsec tunnel ipsec_example)>
where value is any interger between 0 and 1000.
10. Set the authentication type:
(config vpn ipsec tunnel ipsec_example)> auth type value
(config vpn ipsec tunnel ipsec_example)>
IX10 User Guide
Configure IPsec failover
for more information.
IPsec
268
Advertisement
Table of Contents
