Sample configurations, IPsec tunnel, DES encryption, OnSite configuration – Patton electronic ONSITE 2800 User Manual
OnSite 2800 Series User Manual
6 • VPN configuration
IN MANUAL ToBurg Tunnel no
200.200.200.1 - 1111 - - AES-CBC 128
3622/unlimited 19047/unlimited
OUT MANUAL ToBurg Tunnel no
200.200.200.1 - 2222 - - AES-CBC 128
2857/unlimited 19047/unlimited
Sample configurations
The following sample configurations establish IPsec connections between an OnSite and a Cisco router. To
interconnect two OnSite routers instead, derive the configuration for the second OnSite by making the
following modifications:
• Swap ‘inbound’ and ‘outbound’ settings
• Adjust the ‘peer’ setting
• Swap the private networks in the ACL profiles
• Adjust the IP addresses of the LAN and WAN interfaces
• Adjust the route for the remote network
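The first three modifications are mechanical, so they can be scripted and checked. The following Python sketch is an added example, not part of the Patton manual: it mirrors the manual-key policy and ACL lines of this page's DES sample for a second OnSite and verifies that the two sides' keys and SPIs are exact mirror images. The helper names are hypothetical, and the new peer address is a value you supply.

```python
import re
# Added example; the helper names are hypothetical, not SmartWare commands.
# Constructed input: policy and ACL lines copied from this page's OnSite sample.
SITE_A = """\
profile ipsec-policy-manual VPN_DES
  use profile ipsec-transform DES
  session-key inbound esp-encryption 1234567890ABCDEF
  session-key outbound esp-encryption FEDCBA0987654321
  spi inbound esp 1111
  spi outbound esp 2222
  peer 200.200.200.1
  mode tunnel
profile acl VPN_Out
  permit ip 192.168.1.0 0.0.0.255 172.16.0.0 0.0.255.255 ipsec-policy VPN_DES
  permit ip any any
profile acl VPN_In
  permit esp any any
  permit ah any any
  permit ip 172.16.0.0 0.0.255.255 192.168.1.0 0.0.0.255
  deny ip any any
"""
SWAP = {"inbound": "outbound", "outbound": "inbound"}
NET = r"(\d+\.\d+\.\d+\.\d+ \d+\.\d+\.\d+\.\d+)"  # "network wildcard" pair

def mirror_line(line, new_peer):
    """Return one config line as it must appear on the second OnSite."""
    body = line.strip()
    if body.startswith(("session-key ", "spi ")):
        # One side's outbound SA is the other side's inbound SA.
        return re.sub(r"\b(inbound|outbound)\b", lambda m: SWAP[m.group(1)], line, count=1)
    if body.startswith("peer "):
        return line.replace(body, "peer " + new_peer)
    if body.startswith("permit ip "):
        # Swap source and destination networks; "any any" rules do not match.
        return re.sub(rf"permit ip {NET} {NET}", r"permit ip \2 \1", line)
    return line

def mirror_config(text, new_peer):
    return "\n".join(mirror_line(l, new_peer) for l in text.splitlines()) + "\n"

def sa_params(text):
    """Map (command, direction) -> value for each session-key/spi line."""
    pat = r"^\s*(session-key|spi) (inbound|outbound) \S+ (\S+)"
    return {(c, d): v for c, d, v in re.findall(pat, text, re.M)}

def is_mirrored(a, b):
    """True when every inbound value on one side is the other's outbound value."""
    pa, pb = sa_params(a), sa_params(b)
    return bool(pa) and all(pb.get((c, SWAP[d])) == v for (c, d), v in pa.items())
```

`mirror_config(SITE_A, "198.51.100.1")` returns the second router's policy and ACL text; 198.51.100.1 is a placeholder for the first OnSite's WAN address. The interface addresses and the route from the last two bullets still have to be adjusted by hand.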
IPsec tunnel, DES encryption
OnSite configuration
profile ipsec-transform DES
  esp-encryption des-cbc 64

profile ipsec-policy-manual VPN_DES
  use profile ipsec-transform DES
  session-key inbound esp-encryption 1234567890ABCDEF
  session-key outbound esp-encryption FEDCBA0987654321
  spi inbound esp 1111
  spi outbound esp 2222
  peer 200.200.200.1
  mode tunnel

profile acl VPN_Out
  permit ip 192.168.1.0 0.0.0.255 172.16.0.0 0.0.255.255 ipsec-policy VPN_DES
  permit ip any any

profile acl VPN_In
  permit esp any any
  permit ah any any
  permit ip 172.16.0.0 0.0.255.255 192.168.1.0 0.0.0.255
  deny ip any any

context ip router
  interface LAN
    ipaddress 192.168.1.1 255.255.255.0
  interface WAN