Chapter 43. Securing Your Network
192.168.2.254 for LAN B. The IPsec routers are separate from each LAN gateway and use two
network devices: eth0 is assigned to an externally-accessible static IP address which accesses the
Internet, while eth1 acts as a routing point to process and transmit LAN packets from one network
node to the remote network nodes.
The IPsec connection between each network uses a pre-shared key with the value of r3dh4tl1nux,
and the administrators of A and B agree to let racoon automatically generate and share an
authentication key between each IPsec router. The administrator of LAN A decides to name the IPsec
connection ipsec0, while the administrator of LAN B names the IPsec connection ipsec1.
The following example shows the contents of the ifcfg file for a network-to-network IPsec connection
for LAN A. The unique name to identify the connection in this example is ipsec0, so the resulting file
is called /etc/sysconfig/network-scripts/ifcfg-ipsec0.
TYPE=IPSEC
ONBOOT=yes
IKE_METHOD=PSK
SRCGW=192.168.1.254
DSTGW=192.168.2.254
SRCNET=192.168.1.0/24
DSTNET=192.168.2.0/24
DST=X.X.X.X
The following list describes the contents of this file:

TYPE=IPSEC
    Specifies the type of connection.

ONBOOT=yes
    Specifies that the connection should initiate on boot-up.

IKE_METHOD=PSK
    Specifies that the connection uses the pre-shared key method of authentication.

SRCGW=192.168.1.254
    The IP address of the source gateway. For LAN A, this is the LAN A gateway, and for LAN B, the LAN B gateway.

DSTGW=192.168.2.254
    The IP address of the destination gateway. For LAN A, this is the LAN B gateway, and for LAN B, the LAN A gateway.

SRCNET=192.168.1.0/24
    Specifies the source network for the IPsec connection, which in this example is the network range for LAN A.

DSTNET=192.168.2.0/24
    Specifies the destination network for the IPsec connection, which in this example is the network range for LAN B.

DST=X.X.X.X
    The externally-accessible IP address of LAN B.
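The two routers' ifcfg files must be exact mirrors of each other (SRC* and DST* swapped) and the DST placeholder must be replaced with the remote router's external address before the connection is brought up; a typo in any of these leaves the tunnel silently unable to route the right traffic. The following script is an added example, not part of the Red Hat guide: it parses an ifcfg-ipsec file of the form shown above, checks that each gateway lies inside its own network range, that the two ranges do not overlap, and that DST is a real address outside both LANs, and it derives the counterpart file for the remote router. The file contents are a constructed copy of the LAN A example; the function names and the 198.51.100.7 address used in the usage block are assumptions made for the example.

```python
import ipaddress

# Constructed copy of the LAN A file shown in the guide (ifcfg-ipsec0).
# DST deliberately keeps the guide's placeholder so the check flags it.
LAN_A_IFCFG = """\
TYPE=IPSEC
ONBOOT=yes
IKE_METHOD=PSK
SRCGW=192.168.1.254
DSTGW=192.168.2.254
SRCNET=192.168.1.0/24
DSTNET=192.168.2.0/24
DST=X.X.X.X
"""

REQUIRED_KEYS = ("TYPE", "ONBOOT", "IKE_METHOD", "SRCGW", "DSTGW", "SRCNET", "DSTNET", "DST")


def parse_ifcfg(text):
    """Parse KEY=VALUE lines (blank lines and '#' comments ignored) into a dict."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if not sep:
            raise ValueError("malformed line: %r" % raw)
        settings[key.strip()] = value.strip().strip('"')
    return settings


def check_ifcfg(settings):
    """Return a list of problems; an empty list means the file is internally consistent."""
    problems = ["missing %s" % k for k in REQUIRED_KEYS if k not in settings]
    if problems:
        return problems
    if settings["TYPE"] != "IPSEC":
        problems.append("TYPE is %s, expected IPSEC" % settings["TYPE"])
    if settings["IKE_METHOD"] != "PSK":
        problems.append("IKE_METHOD is %s, expected PSK" % settings["IKE_METHOD"])
    try:
        srcnet = ipaddress.ip_network(settings["SRCNET"])
        dstnet = ipaddress.ip_network(settings["DSTNET"])
        srcgw = ipaddress.ip_address(settings["SRCGW"])
        dstgw = ipaddress.ip_address(settings["DSTGW"])
    except ValueError as exc:
        return problems + ["bad address or network: %s" % exc]
    if srcgw not in srcnet:
        problems.append("SRCGW %s is not inside SRCNET %s" % (srcgw, srcnet))
    if dstgw not in dstnet:
        problems.append("DSTGW %s is not inside DSTNET %s" % (dstgw, dstnet))
    if srcnet.overlaps(dstnet):
        problems.append("SRCNET and DSTNET overlap; traffic cannot be routed unambiguously")
    try:
        dst = ipaddress.ip_address(settings["DST"])
        # DST is the remote router's externally-accessible address, so it must not be a LAN address.
        if dst in srcnet or dst in dstnet:
            problems.append("DST %s lies inside a LAN range, expected the remote router's external address" % dst)
    except ValueError:
        problems.append("DST %r is not an IP address (placeholder not replaced?)" % settings["DST"])
    return problems


def mirror_for_remote(settings):
    """Derive the remote router's file: SRC* and DST* swap; DST must be refilled with LAN A's external address."""
    mirrored = dict(settings)
    for src_key, dst_key in (("SRCGW", "DSTGW"), ("SRCNET", "DSTNET")):
        mirrored[src_key], mirrored[dst_key] = settings[dst_key], settings[src_key]
    mirrored["DST"] = "X.X.X.X"  # placeholder: the local router's public address is not in this file
    return mirrored


def render_ifcfg(settings):
    """Serialize the settings back into ifcfg KEY=VALUE form, in the guide's key order."""
    return "".join("%s=%s\n" % (k, settings[k]) for k in REQUIRED_KEYS)


if __name__ == "__main__":
    lan_a = parse_ifcfg(LAN_A_IFCFG)
    print("ifcfg-ipsec0 as shown:", check_ifcfg(lan_a) or "OK")
    # Assumed value for the example: LAN B's external address filled in.
    lan_a["DST"] = "198.51.100.7"
    print("ifcfg-ipsec0 with DST filled:", check_ifcfg(lan_a) or "OK")
    print("ifcfg-ipsec1 for LAN B's router:\n" + render_ifcfg(mirror_for_remote(lan_a)))
```

Run the check on both routers' files; the only expected finding for the LAN A file as printed in the guide is the unreplaced DST placeholder, and the mirrored output for LAN B still needs LAN A's external address entered by hand.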