IKE with AES-128 (Side #1)
Posted by , Last modified by Daniel Lizaola on 22 November 2017 01:35 PM
The command sequence below defines a VPN tunnel that uses AES-128 to route traffic from Side #1 (192.168.1.0) to Side #2 (192.168.2.0).

NOTE:
- You must replace ‹X.X.X.X› in the template with the IP address for Side #2.
- You must replace ‹MySharedKey› in the template with a text string to use as the initial shared key.
- You must replace ‹nnnn› in the template with a unique number from 1-99999, such as 12345.
- You must purchase the appropriate software license for your SmartNode to support VPN service. To see the current licenses active for your SmartNode, execute the "show license" command.

Command Sequence:

profile ipsec-transform AES-128
  esp-encryption aes-cbc 128
  key-lifetime-seconds 3600

profile isakmp-transform AES-128
  encryption aes-cbc 128
  authentication-algorithm sha1
  key-lifetime-seconds 86400

profile ipsec-policy-isakmp VPN-IKE
  authentication-method pre-shared-key ‹MySharedKey›
  # SET IP ADDRESS of SIDE #2
  peer ‹X.X.X.X›
  protection-group ‹nnnn›
  mode tunnel
  diffie-hellman-group group2
  use profile ipsec-transform 1 AES-128
  use profile isakmp-transform 1 AES-128

profile acl VPN-Out
  permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255 ipsec-policy VPN-IKE
  permit ip any any

profile acl VPN-In
  permit esp any any
  permit ah any any
  permit ip 192.168.2.0 0.0.255.255 192.168.1.0 0.0.0.255
  permit ip any any

context ip
  interface eth0
    use profile acl VPN-In in
    use profile acl VPN-Out out
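The following check is an added example, not part of the original article or any vendor tooling. It converts the address/wildcard pairs from the VPN-Out and VPN-In ACL lines above into networks and reports where the inbound selector does not mirror the outbound one. The function names are hypothetical, and the check assumes the inbound rule is meant to be the exact reverse of the outbound tunnel rule.

```python
import ipaddress
import re

# Selector lines copied from the VPN-Out and VPN-In ACLs on this page.
VPN_OUT = "permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255 ipsec-policy VPN-IKE"
VPN_IN = "permit ip 192.168.2.0 0.0.255.255 192.168.1.0 0.0.0.255"

RULE = re.compile(r"permit ip (\S+) (\S+) (\S+) (\S+)")


def wildcard_to_network(addr, wildcard):
    """Turn 'address wildcard-mask' into the network it actually matches."""
    inv = int(ipaddress.IPv4Address(wildcard))
    if inv & (inv + 1):  # a contiguous wildcard is always 2**n - 1
        raise ValueError(f"non-contiguous wildcard mask: {wildcard}")
    prefix = 32 - inv.bit_length()
    # strict=False: address bits covered by the wildcard are ignored
    return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)


def selectors(rule):
    """Return (source, destination) networks of a 'permit ip' rule."""
    m = RULE.match(rule.strip())
    if not m:
        raise ValueError(f"not an address/wildcard rule: {rule!r}")
    return (wildcard_to_network(m.group(1), m.group(2)),
            wildcard_to_network(m.group(3), m.group(4)))


def check_mirror(out_rule, in_rule):
    """Compare the inbound selector with the mirror of the outbound one."""
    out_src, out_dst = selectors(out_rule)
    in_src, in_dst = selectors(in_rule)
    findings = []
    if in_src != out_dst:
        findings.append(f"inbound source {in_src} != outbound destination {out_dst}")
    if in_dst != out_src:
        findings.append(f"inbound destination {in_dst} != outbound source {out_src}")
    if in_src.overlaps(out_src):
        findings.append(f"inbound source {in_src} overlaps local network {out_src}")
    return findings


if __name__ == "__main__":
    for finding in check_mirror(VPN_OUT, VPN_IN):
        print("WARN:", finding)
```

The check looks only at the two address/wildcard rules; the `permit ip any any` entries that follow them in each ACL are not evaluated.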