IKE with AES-128 (Side #1)
Last modified by Daniel Lizaola on 22 November 2017 01:35 PM

The command sequence below defines a VPN Tunnel that uses AES-128 to route traffic from Side #1 (192.168.1.0) to Side #2 (192.168.2.0).

NOTE:

- You must replace ‹X.X.X.X› in the template with the IP address of Side #2.

- You must replace ‹MySharedKey› in the template with a text string to use as the initial shared key.

- You must replace ‹nnnn› in the template with a unique number from 1 to 99999, such as 12345.

- You must purchase the appropriate software license for your SmartNode to support VPN service. To see the licenses currently active on your SmartNode, execute the "show license" command.

Command Sequence Description

profile ipsec-transform AES-128
  esp-encryption aes-cbc 128
  key-lifetime-seconds 3600

profile isakmp-transform AES-128
  encryption aes-cbc 128
  authentication-algorithm sha1
  key-lifetime-seconds 86400

profile ipsec-policy-isakmp VPN-IKE
  authentication-method pre-shared-key ‹MySharedKey›
# SET IP ADDRESS of SIDE #2
  peer ‹X.X.X.X›
  protection-group ‹nnnn›
  mode tunnel
  diffie-hellman-group group2
  use profile ipsec-transform 1 AES-128
  use profile isakmp-transform 1 AES-128

profile acl VPN-Out
# Traffic from Side #1 to Side #2 is sent through the VPN-IKE policy
  permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255 ipsec-policy VPN-IKE
  permit ip any any

profile acl VPN-In
  permit esp any any
  permit ah any any
# Decrypted traffic from Side #2 (192.168.2.0/24) to Side #1
  permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
  permit ip any any

context ip
  interface eth0
    use profile acl VPN-In in
    use profile acl VPN-Out out
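
As an added example (not part of the original article or of the SmartNode software): a small Python check that the inbound ACL carries the exact reverse of the outbound ipsec-policy selector, for ACL lines in the address/wildcard-mask format used above. The function names and the sample ACL strings are constructed for illustration.

```python
import ipaddress

def wildcard_net(addr, wildcard):
    """Convert an address plus wildcard (inverse) mask into an IPv4 network.
    A non-contiguous wildcard mask raises ValueError."""
    wc = int(ipaddress.IPv4Address(wildcard))
    mask = ipaddress.IPv4Address(wc ^ 0xFFFFFFFF)
    return ipaddress.IPv4Network(f"{addr}/{mask}", strict=False)

def parse_permits(acl_text):
    """Return (src, dst, policy) for each
    'permit ip <addr> <wc> <addr> <wc> [ipsec-policy <name>]' line.
    Lines such as 'permit ip any any' or 'permit esp any any' are skipped."""
    rules = []
    for line in acl_text.splitlines():
        tok = line.split()
        if len(tok) >= 6 and tok[:2] == ["permit", "ip"] and tok[2] != "any":
            policy = tok[7] if len(tok) >= 8 and tok[6] == "ipsec-policy" else None
            rules.append((wildcard_net(tok[2], tok[3]),
                          wildcard_net(tok[4], tok[5]), policy))
    return rules

def check_mirror(acl_out, acl_in):
    """List every outbound ipsec-policy selector that has no inbound rule
    with source and destination swapped and identical prefix lengths."""
    inbound = [(s, d) for s, d, _ in parse_permits(acl_in)]
    problems = []
    for src, dst, policy in parse_permits(acl_out):
        if policy and (dst, src) not in inbound:
            problems.append(f"{policy}: no inbound rule for exactly {dst} -> {src}")
    return problems

# Constructed sample ACL bodies in the format of this article.
VPN_OUT = """permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255 ipsec-policy VPN-IKE
permit ip any any"""
VPN_IN_24 = """permit esp any any
permit ah any any
permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
permit ip any any"""
# Same ACL with a wider wildcard mask on the Side #2 source (matches 192.168.0.0/16).
VPN_IN_16 = VPN_IN_24.replace("192.168.2.0 0.0.0.255", "192.168.2.0 0.0.255.255")

if __name__ == "__main__":
    for name, acl in (("VPN_IN_24", VPN_IN_24), ("VPN_IN_16", VPN_IN_16)):
        print(name, check_mirror(VPN_OUT, acl) or "selectors mirror each other")
```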