CHAPTER 25. IPSEC
outbound ESP sas
Joining Two Private Networks Example
The following example demonstrates how to form an IP security tunnel to join
two private networks: 10.0.1.0/24 and 10.0.2.0/24. The security requirements
are as follows:
Phase 1: 3DES with SHA1
Phase 2: IPSec ESP with AES(256-bit) and HMAC-SHA1
Figure 25.2 Tunnel Mode Between Two Security Gateways-Single Proposals (figure; left side: TRUSTED network 10.0.1.0/24)
1. Configure a WAN bundle of network type untrusted.
Router/configure/interface/bundle wan1# link t1 0/2/0
Router/configure/interface/bundle wan1# encapsulation ppp
Router/configure/interface/bundle wan1# ip address 172.16.0.1 24
Router/configure/interface/bundle wan1# crypto untrusted
Router/configure/interface/bundle wan1# exit
Remote ident(ip/mask/port):(10.0.2.0/255.255.255.0/any)
Peer Address is 172.16.0.2, PFS Group is disabled
Spi: 0xa1f673aa
Transform: aes128(key length=128 bits), sha1
In use settings = {tunnel}
Bytes Processed 256
Hard lifetime in seconds 3290, Hard lifetime in kilobytes 413695
Soft lifetime in seconds 3200, Soft lifetime in kilobytes 37355
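As an added example (not from the manual and not Samsung's own tooling), the following Python script parses an SA listing in the format of the outbound ESP SA output above and compares it with the Phase 2 policy stated for this example: ESP with AES(256-bit) and HMAC-SHA1 in tunnel mode, peer 172.16.0.2, remote network 10.0.2.0/24. It also checks that each soft lifetime is shorter than its hard lifetime, so rekeying starts before the SA expires. The Transform line in the excerpt reports aes128 where the requirement calls for AES(256-bit); the script reports exactly that kind of drift. The POLICY dictionary, the function names and the embedded sample text are constructed for illustration.

```python
"""Compare a parsed IPsec SA listing with the intended tunnel policy.

Added example; the output format is modelled on the 'outbound ESP sas'
excerpt on this page. POLICY and all function names are assumptions.
"""
import re
from ipaddress import ip_network

# Constructed sample: one SA block, copied from the excerpt on this page.
SAMPLE_SA_OUTPUT = """\
outbound ESP sas
Remote ident(ip/mask/port):(10.0.2.0/255.255.255.0/any)
Peer Address is 172.16.0.2, PFS Group is disabled
Spi: 0xa1f673aa
Transform: aes128(key length=128 bits), sha1
In use settings = {tunnel}
Bytes Processed 256
Hard lifetime in seconds 3290, Hard lifetime in kilobytes 413695
Soft lifetime in seconds 3200, Soft lifetime in kilobytes 37355
"""

# Intended Phase 2 policy for the Joining Two Private Networks example
# (assumed encoding of the requirements stated in the text).
POLICY = {
    "peer": "172.16.0.2",
    "remote_net": ip_network("10.0.2.0/24"),
    "cipher": "aes",
    "key_bits": 256,
    "auth": "sha1",
    "mode": "tunnel",
    "pfs_required": False,
}


def parse_sa(text):
    """Extract the fields of a single SA block into a dict."""
    sa = {}
    m = re.search(r"Remote ident\(ip/mask/port\):\(([^/]+)/([^/]+)/([^)]+)\)", text)
    if m:
        # ipaddress accepts dotted netmask notation, so 10.0.2.0/255.255.255.0 -> 10.0.2.0/24
        sa["remote_net"] = ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)
        sa["remote_port"] = m.group(3)
    m = re.search(r"Peer Address is (\S+), PFS Group is (\w+)", text)
    if m:
        sa["peer"] = m.group(1)
        sa["pfs"] = m.group(2) != "disabled"
    m = re.search(r"Spi: (0x[0-9a-fA-F]+)", text)
    if m:
        sa["spi"] = int(m.group(1), 16)
    m = re.search(r"Transform: (\S+?)\(key length=(\d+) bits\), (\w+)", text)
    if m:
        sa["cipher"] = re.sub(r"\d+$", "", m.group(1))  # "aes128" -> "aes"
        sa["key_bits"] = int(m.group(2))
        sa["auth"] = m.group(3)
    m = re.search(r"In use settings = \{(\w+)\}", text)
    if m:
        sa["mode"] = m.group(1)
    for kind in ("Hard", "Soft"):
        m = re.search(rf"{kind} lifetime in seconds (\d+), {kind} lifetime in kilobytes (\d+)", text)
        if m:
            sa[f"{kind.lower()}_secs"] = int(m.group(1))
            sa[f"{kind.lower()}_kb"] = int(m.group(2))
    return sa


def check_sa(sa, policy=POLICY):
    """Return a list of findings; an empty list means the SA matches the policy."""
    findings = []
    if sa.get("peer") != policy["peer"]:
        findings.append(f"peer {sa.get('peer')} != expected {policy['peer']}")
    if sa.get("remote_net") != policy["remote_net"]:
        findings.append(f"remote network {sa.get('remote_net')} != expected {policy['remote_net']}")
    if sa.get("cipher") != policy["cipher"] or sa.get("key_bits") != policy["key_bits"]:
        findings.append(f"transform {sa.get('cipher')}{sa.get('key_bits')} != expected "
                        f"{policy['cipher']}{policy['key_bits']}")
    if sa.get("auth") != policy["auth"]:
        findings.append(f"auth {sa.get('auth')} != expected {policy['auth']}")
    if sa.get("mode") != policy["mode"]:
        findings.append(f"mode {sa.get('mode')} != expected {policy['mode']}")
    if policy["pfs_required"] and not sa.get("pfs"):
        findings.append("PFS required by policy but disabled on the SA")
    # The soft lifetime triggers rekeying; it must fire before the hard lifetime expires.
    if sa.get("soft_secs", 0) >= sa.get("hard_secs", 1):
        findings.append("soft lifetime (seconds) is not shorter than hard lifetime")
    if sa.get("soft_kb", 0) >= sa.get("hard_kb", 1):
        findings.append("soft lifetime (kilobytes) is not shorter than hard lifetime")
    return findings


if __name__ == "__main__":
    for finding in check_sa(parse_sa(SAMPLE_SA_OUTPUT)) or ["SA matches policy"]:
        print(finding)
```

Run against the sample, the script reports a single finding, the aes128 versus aes256 transform mismatch; every other field, including the peer, the remote identity and both lifetime pairs, agrees with the stated policy. To use it on a live device, paste each SA block of the show output into `parse_sa` and adjust POLICY to the proposal you actually configured.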
(Figure 25.2, remainder: Router 1 at 172.16.0.1 <- IPSec ESP over the UNTRUSTED network -> Router 2 at 172.16.0.2; TRUSTED network 10.0.2.0/24 behind Router 2)