118 IPsec VPN configuration
In order for traffic to be forwarded through the VPN, a static or dynamic
route to the peer must be available.
Configuring IKE for site-to-site VPN
Creating an IKE policy
Create an IKE policy for a dynamic ISAKMP SA.
Procedure steps
Step
1
2
3
Table 43
Variable definitions
Variable
<policy-name>
<peer-address>
Configuring the local address for IKE negotiations
Configure the local address for IKE negotiations. The local address and the
address in the certificate must match.
When executed, this command creates an IKE policy proposal with default
values of Preshared Key, 3DES, SHA1, and DH-group2.
Procedure steps
Step
1
Copyright © 2007, Nortel Networks
.
Action
To enter the configuration mode, enter:
configure terminal
To specify crypto configuration for IPsec and IKE, enter:
crypto
To create the IKE policy for site-to-site VPN, enter:
ike policy <policy-name> <peer-address>
Value
Specifies the IKE policy name. Max 8 characters.
Specifies the peer IP address for IKE negotiations.
Action
To enter the configuration mode, enter:
Nortel Secure Router 4134
Security — Configuration and Management
NN47263-600 01.02 Standard
10.0 3 August 2007
—End—
—End—