SmartWare Software Configuration Guide
Mode: Context ip /interface <if-name>
Step
1
node (if-ip)[if- name ]# [no] rtp-encryp-
tion
Using an alternate source IP address for specific destinations
Normally, locally originated IP packets use the IP address of the outbound IP interface as their source address.
However, when using VPN tunnels there are situations, where locally originated IP packets must be sent using
the source IP address of an alternate interface. You can specify using the following command that for one or
more destination network the IP address of an alternate IP interface should be used. This configuration com-
mand affects all locally originated IP packets except those, which originate from explicitly bound components
like SIP and H.323.
Mode: context ip
Step
1
node (ctx-ip)[ctx- name ]# [no] source-
address-map <destination-network>
<destination-mask> <ip-interface-
name>
Sample configurations
The following sample configurations establish IPsec connections between a SmartNode and a Cisco router. To
interconnect two SmartNodes instead, derive the configuration for the second SmartNode by doing the follow-
ing modifications:
•
Swap 'inbound' and 'outbound' settings
•
Adjust the 'peer' setting
•
Swap the private networks in the ACL profiles
•
Adjust the IP addresses of the LAN and WAN interfaces
•
Adjust the route for the remote network
IPsec tunnel, DES encryption
SmartNode configuration
profile ipsec-transform DES
esp-encryption des-cbc 64
profile ipsec-policy-manual VPN_DES
use profile ipsec-transform DES
session-key inbound esp-encryption 1234567890ABCDEF
session-key outbound esp-encryption FEDCBA0987654321
spi inbound esp 1111
spi outbound esp 2222
peer 200.200.200.1
Using an alternate source IP address for specific destinations
Command
Command
Purpose
Enable or disable RTP encryption support on an
IP interface.
Purpose
Defines that locally originated packets destined
for the specified destination network shall use the
IP address of the specified IP interface as their
source address.
26 • VPN configuration
301