Virtual Private Networks
Configuring a VPN Using IPSec
10-40
pass through the WAN interface and so receive the router's public IP address.
However, only traffic from local private networks can access the VPN tunnel,
so the traffic cannot reach its destination.
You can force all traffic sent to a server to use the IP address of LAN interface
so that it can access the remote VPN site.
Enter one of these commands from the global configuration mode context:
Syntax: ip [tftp | sntp | ftp] source-interface <interface ID>
Syntax: snmp-server source-interface <interface ID>
For example, you can set Ethernet 0/1 as the source interface for all traffic
sent to a TFTP server.
ProCurve(config)# ip tftp source-interface eth 0/1
Configuring IPSec SA Parameters
You configure the security parameters that IKE proposes during IKE phase 2
for the IPSec SA in:
a transform set
a crypto map entry
Transform Sets
A transform set contains the hash and encryption algorithms used to secure
data transmitted over the VPN tunnel. To create a transform set, complete
these steps:
1.
Name the transform set.
2.
Select AH or ESP. (See "IPSec Headers" on page 10-5 in the chapter
overview for more information on the difference between these two
protocols.)