IPsec VPN in detail: dial-up address


III. Dial-up Address VPN Setup

1. Networking Requirements

This example combines IPsec with ADSL, a typical scenario that is widely used in practice.

(1) Router B is directly connected to the public network's DSLAM access equipment via ADSL and acts as the PPPoE client. The IP address that Router B obtains dynamically from the ISP is a private network address.

(2) The head office LAN is connected to the ATM network via Router A.

(3) To ensure information security, the IPsec/IKE method is used to create a secure tunnel between the two sites.

2. Network Diagram

[Figure: network diagram (Qq20171120202313.png), https://s1.51cto.com/oss/201711/20/b09c97546bd5e55331177c8037a7de08.png]

3. Configuration Steps

(1) Configure Router A

# Configure the local security gateway name.
<RouterA> system-view
[RouterA] ike local-name routera

# Configure the ACL that selects the traffic to be protected.
[RouterA] acl number 3101
[RouterA-acl-adv-3101] rule 0 permit ip source 172.16.0.0 0.0.0.255 destination 192.168.0.0 0.0.0.255 // traffic from 172.16.0.0/24 to 192.168.0.0/24
[RouterA-acl-adv-3101] quit

# Configure the IKE proposal.
[RouterA] ike proposal 1
[RouterA-ike-proposal-1] authentication-algorithm sha // authentication algorithm
[RouterA-ike-proposal-1] authentication-method pre-share // pre-shared key authentication
[RouterA-ike-proposal-1] encryption-algorithm 3des-cbc // encryption algorithm
[RouterA-ike-proposal-1] dh group2 // DH group

# Configure the IKE peer named peer.
[RouterA] ike peer peer
[RouterA-ike-peer-peer] exchange-mode aggressive // negotiation mode: aggressive mode
[RouterA-ike-peer-peer] pre-shared-key abc // pre-shared key; must be identical on the peer
[RouterA-ike-peer-peer] id-type name // use names as IKE identities
[RouterA-ike-peer-peer] remote-name routerb // name of the peer
[RouterA-ike-peer-peer] nat traversal // enable NAT traversal
[RouterA-ike-peer-peer] quit

# Create the IPsec proposal prop.
[RouterA] ipsec proposal prop
[RouterA-ipsec-proposal-prop] encapsulation-mode tunnel // tunnel mode
[RouterA-ipsec-proposal-prop] transform esp // use the ESP protocol
[RouterA-ipsec-proposal-prop] esp encryption-algorithm 3des // ESP encryption algorithm
[RouterA-ipsec-proposal-prop] esp authentication-algorithm sha1 // ESP authentication algorithm
[RouterA-ipsec-proposal-prop] quit

# Create the IPsec policy policy and specify that SAs are established through IKE negotiation.
[RouterA] ipsec policy policy 10 isakmp

# Reference IKE peer peer in the policy.
[RouterA-ipsec-policy-isakmp-policy-10] ike-peer peer

# Reference ACL 3101 in the policy.
[RouterA-ipsec-policy-isakmp-policy-10] security acl 3101

# Reference IPsec proposal prop in the policy.
[RouterA-ipsec-policy-isakmp-policy-10] proposal prop
[RouterA-ipsec-policy-isakmp-policy-10] quit

# Configure the WAN interface address and apply the IPsec policy.
[RouterA] interface serial 2/0
[RouterA-Serial2/0] ip address 100.1.1.1 255.255.255.0
[RouterA-Serial2/0] ipsec policy policy // apply the IPsec policy to the interface
[RouterA-Serial2/0] quit

# Configure the Ethernet interface.
[RouterA] interface ethernet 1/0
[RouterA-Ethernet1/0] ip address 172.16.0.1 255.255.255.0
[RouterA-Ethernet1/0] quit

# Configure a static route to the branch office LAN.
[RouterA] ip route-static 192.168.0.0 255.255.255.0 serial 2/0

(2) Configure Router B

# Configure the local security gateway name.
<RouterB> system-view
[RouterB] ike local-name routerb

# Configure the ACL that selects the traffic to be protected.
[RouterB] acl number 3101
[RouterB-acl-adv-3101] rule 0 permit ip source 192.168.0.0 0.0.0.255 destination 172.16.0.0 0.0.0.255 // traffic from 192.168.0.0/24 to 172.16.0.0/24
[RouterB-acl-adv-3101] quit

# Configure the IKE proposal.
[RouterB] ike proposal 1
[RouterB-ike-proposal-1] authentication-algorithm sha // authentication algorithm
[RouterB-ike-proposal-1] authentication-method pre-share // pre-shared key authentication
[RouterB-ike-proposal-1] encryption-algorithm 3des-cbc // encryption algorithm
[RouterB-ike-proposal-1] dh group2 // DH group

# Configure the IKE peer named peer.
[RouterB] ike peer peer
[RouterB-ike-peer-peer] exchange-mode aggressive // negotiation mode: aggressive mode
[RouterB-ike-peer-peer] pre-shared-key abc // pre-shared key; must be identical on the peer
[RouterB-ike-peer-peer] id-type name // use names as IKE identities
[RouterB-ike-peer-peer] remote-name routera // name of the peer
[RouterB-ike-peer-peer] remote-address 100.1.1.1 // IP address of the peer
[RouterB-ike-peer-peer] nat traversal // enable NAT traversal
[RouterB-ike-peer-peer] quit

# Create the IPsec proposal prop.
[RouterB] ipsec proposal prop
[RouterB-ipsec-proposal-prop] encapsulation-mode tunnel // tunnel mode
[RouterB-ipsec-proposal-prop] transform esp // use the ESP protocol
[RouterB-ipsec-proposal-prop] esp encryption-algorithm 3des // ESP encryption algorithm
[RouterB-ipsec-proposal-prop] esp authentication-algorithm sha1 // ESP authentication algorithm
[RouterB-ipsec-proposal-prop] quit

# Create the IPsec policy policy and specify that SAs are established through IKE negotiation.
[RouterB] ipsec policy policy 10 isakmp

# Reference IKE peer peer in the policy.
[RouterB-ipsec-policy-isakmp-policy-10] ike-peer peer

# Reference ACL 3101 in the policy.
[RouterB-ipsec-policy-isakmp-policy-10] security acl 3101

# Reference IPsec proposal prop in the policy.
[RouterB-ipsec-policy-isakmp-policy-10] proposal prop
[RouterB-ipsec-policy-isakmp-policy-10] quit

# Configure the dial-up access control list.
[RouterB] dialer-rule 1 ip permit

# Create Dialer 0, configure dialing and PPP authentication with the user name and password assigned by the ISP, and set the MTU.
[RouterB] interface dialer 0
[RouterB-Dialer0] link-protocol ppp // dial with PPP
[RouterB-Dialer0] ppp pap local-user test password simple 123456 // user name and password provided by the ISP
[RouterB-Dialer0] ip address ppp-negotiate // obtain the address through PPP negotiation
[RouterB-Dialer0] dialer user 1 // dialer user
[RouterB-Dialer0] dialer-group 1 // dialer group
[RouterB-Dialer0] dialer bundle 1
[RouterB-Dialer0] ipsec no-nat-process enable // do not apply NAT to IPsec-protected packets
[RouterB-Dialer0] ipsec policy policy // apply the IPsec policy created above to this interface
[RouterB-Dialer0] mtu 1492
[RouterB-Dialer0] quit

# Configure a static route to the head office LAN.
[RouterB] ip route-static 172.16.0.0 255.255.255.0 dialer 0

# Configure the Ethernet interface.
[RouterB] interface ethernet 1/0
[RouterB-Ethernet1/0] tcp mss 1450
[RouterB-Ethernet1/0] ip address 192.168.0.1 255.255.255.0
[RouterB-Ethernet1/0] quit
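Added example, not part of the original article: a small Python checker that parses constructed excerpts of the two router configurations above and verifies that the IKE proposal, pre-shared key, IPsec transform, name IDs and ACL 3101 rules mirror each other, which is where most site-to-site negotiation failures hide. The function and variable names are assumptions.

```python
import re
# Constructed excerpts of the two configurations on the page (only the commands compared here).
ROUTER_A = """ike local-name routera
rule 0 permit ip source 172.16.0.0 0.0.0.255 destination 192.168.0.0 0.0.0.255
authentication-algorithm sha
encryption-algorithm 3des-cbc
dh group2
exchange-mode aggressive
pre-shared-key abc
remote-name routerb
esp encryption-algorithm 3des
esp authentication-algorithm sha1"""
ROUTER_B = """ike local-name routerb
rule 0 permit ip source 192.168.0.0 0.0.0.255 destination 172.16.0.0 0.0.0.255
authentication-algorithm sha
encryption-algorithm 3des-cbc
dh group2
exchange-mode aggressive
pre-shared-key abc
remote-name routera
esp encryption-algorithm 3des
esp authentication-algorithm sha1"""
# Commands whose values must be identical on both peers for IKE/IPsec negotiation to succeed.
MATCH_KEYS = ("authentication-algorithm", "encryption-algorithm", "dh", "exchange-mode",
              "pre-shared-key", "esp encryption-algorithm", "esp authentication-algorithm")
ACL_RE = re.compile(r"rule \d+ permit ip source (\S+ \S+) destination (\S+ \S+)")

def parse(cfg):
    """Map each compared command prefix to its value; the ACL rule becomes a (src, dst) pair."""
    d = {}
    for line in (l.strip() for l in cfg.splitlines()):
        m = ACL_RE.match(line)
        if m:
            d["acl"] = (m.group(1), m.group(2))
        for key in MATCH_KEYS + ("ike local-name", "remote-name"):
            if line.startswith(key + " "):
                d[key] = line[len(key) + 1:]
    return d

def check_pair(a_cfg, b_cfg):
    """Return findings; an empty list means the two sides are mirror-consistent."""
    a, b = parse(a_cfg), parse(b_cfg)
    findings = [f"mismatch {k}: {a.get(k)} vs {b.get(k)}" for k in MATCH_KEYS if a.get(k) != b.get(k)]
    # Name IDs cross-reference: each side's local-name is the other side's remote-name.
    if a.get("ike local-name") != b.get("remote-name") or b.get("ike local-name") != a.get("remote-name"):
        findings.append("ike local-name / remote-name pairs do not cross-match")
    # The ACLs selecting protected traffic must be mirror images (source and destination swapped).
    if a.get("acl") != tuple(reversed(b.get("acl", ()))):
        findings.append("acl 3101 rules are not mirror images")
    return findings
```

Aggressive mode with a pre-shared key, which the branch's dynamic address forces here, sends the name ID before the exchange is protected and is weaker than main mode, so the key should be long and random. A mismatch in any checked value surfaces only as a failed IKE negotiation on the routers, which is why comparing both sides offline before deployment is worthwhile.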


This article is from the "Garrett" blog; please retain this source when reposting: http://garrett.blog.51cto.com/11611549/1983596
