Table of Contents
Advertisement
CHAPTER 25. IPSEC
outbound ESP sas
Joining Two Private Networks Example
The following example demonstrates how to form an IP security tunnel to join
two private networks: 10.0.1.0/24 and 10.0.2.0/24. The security requirements
are as follows:
Phase 1: 3DES with SHA1
Phase 2: IPSec ESP with AES(256-bit) and HMAC-SHA1
TRUSTED
Network
10.0.1.0/24
Figure 25.2 Tunnel Mode Between Two Security Gateways-Single Proposals
1.
Configure a WAN bundle of network type untrusted.
Router/configure/interface/bundle wan1# link t1 0/2/0
Router/configure/interface/bundle wan1# encapsulation ppp
Router/configure/interface/bundle wan1# ip address
172.16.0.1 24
Router/configure/interface/bundle wan1# crypto untrusted
Router/configure/interface/bundle wan1# exit
266
Remote ident(ip/mask/port):(10.0.2.0/255.255.255.0/
any)
Peer Address is 172.16.0.2, PFS Group is disabled
Spi: 0xa1f673aa
Transform: aes128(key length=128 bits), sha1
In use settings = {tunnel}
Bytes Processed 256
Hard lifetime in seconds 3290, Hard lifetime in
kilobytes 413695
Soft lifetime in seconds 3200, Soft lifetime in
kilobytes 37355
172.16.0.1
Router 1
172.16.0.2
IPSec ESP
Router 2
UNTRUSTED
TRUSTED
Network
10.0.2.0/24
© SAMSUNG Electronics Co., Ltd.
Hide quick links:
Advertisement
Chapters
Table of Contents
Troubleshooting
