IPLink 3210 Series Getting Started Guide
5 • VPN configuration
Transport and tunnel modes
The mode determines the payload of the ESP packet and hence the application:
• Transport mode: Encapsulates only the payload of the original IP packet, but not its header, so the IPsec peers must be at the endpoints of the communications link.
  A secure connection between two hosts is the application of the transport mode.
• Tunnel mode: Encapsulates the payload and the header of the original IP packet. The IPsec peers can be (edge) routers that are not at the endpoints of the communications link.
  A secure connection of the two (private) LANs, a ‘tunnel’, is the application of the tunnel mode.
VPN configuration task list
To configure a VPN connection, perform the following tasks:
• Creating an IPsec transformation profile
• Creating an IPsec policy profile
• Creating/modifying an outgoing ACL profile for IPsec
• Configuration of an IP Interface and the IP router for IPsec
• Displaying IPsec configuration information
• Debugging IPsec
Creating an IPsec transformation profile
The IPsec transformation profile defines which authentication and/or encryption protocols and which authentication and/or encryption algorithms shall be applied.
Procedure: To create an IPsec transformation profile
Mode: Configure

| Step | Command | Purpose |
|---|---|---|
| 1 | node(cfg)#profile ipsec-transform name | Creates the IPsec transformation profile name |
| 2 (optional) | node(pf-ipstr)[name]#esp-encryption { aes-cbc \| des-cbc \| 3des-cbc } [key-length] | Enables encryption and defines the encryption algorithm and the key length |
| 3 (optional) | node(pf-ipstr)[name]#{ ah-authentication \| esp-authentication } { hmac-md5-96 \| hmac-sha1-96 } | Enables authentication and defines the authentication protocol and the hash algorithm |

Use "no" in front of the above commands to delete a profile or a configuration entry.

Example: Create an IPsec transformation profile
The following example defines a profile for AES-encryption at a key length of 128.
3210(cfg)#profile ipsec-transform AES_128
3210(pf-ipstr)[AES_128]#esp-encryption aes-cbc 128
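Because the encryption and authentication steps are both optional, a profile can end up with encryption only, or with the older algorithms the command syntax allows. The following Python check is an added example, not part of the Patton guide: it reads transformation-profile commands in the syntax shown above and reports choices a reviewer would question. The review policy and the LEGACY and AES_SHA1 profile names are assumptions of this example.

```python
import re

# Assumed policy (this example's, not the manual's): flag DES, HMAC-MD5, encryption-only.
WEAK_ENC = {"des-cbc"}
WEAK_AUTH = {"hmac-md5-96"}

PROFILE = re.compile(r"profile ipsec-transform (\S+)")
ENC = re.compile(r"esp-encryption (aes-cbc|des-cbc|3des-cbc)(?: (\d+))?")
AUTH = re.compile(r"(ah-authentication|esp-authentication) (hmac-md5-96|hmac-sha1-96)")

def parse_profiles(config):
    """Map profile name -> {"enc": (alg, key_len) | None, "auth": (proto, hash) | None}."""
    profiles, current = {}, None
    for raw in config.splitlines():
        line = raw.split("#", 1)[-1].strip()  # drop a prompt such as 3210(cfg)#
        if m := PROFILE.fullmatch(line):
            current = profiles.setdefault(m.group(1), {"enc": None, "auth": None})
        elif current is None:
            continue  # command outside any transformation profile
        elif m := ENC.fullmatch(line):
            current["enc"] = (m.group(1), int(m.group(2)) if m.group(2) else None)
        elif m := AUTH.fullmatch(line):
            current["auth"] = (m.group(1), m.group(2))
    return profiles  # lines with the "no" prefix are not interpreted

def audit(config):
    findings = []  # (profile, finding) pairs in configuration order
    for name, p in parse_profiles(config).items():
        if p["enc"] and p["enc"][0] in WEAK_ENC:
            findings.append((name, "weak encryption: " + p["enc"][0]))
        if p["auth"] and p["auth"][1] in WEAK_AUTH:
            findings.append((name, "weak hash: " + p["auth"][1]))
        if p["enc"] and not p["auth"]:
            findings.append((name, "encryption without authentication"))
    return findings

# Constructed input: the guide's AES_128 example plus two made-up profiles.
SAMPLE = """\
3210(cfg)#profile ipsec-transform AES_128
3210(pf-ipstr)[AES_128]#esp-encryption aes-cbc 128
profile ipsec-transform LEGACY
  esp-encryption des-cbc
  esp-authentication hmac-md5-96
profile ipsec-transform AES_SHA1
  esp-encryption aes-cbc 128
  esp-authentication hmac-sha1-96
"""

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

The guide's own AES_128 example is reported as encryption without authentication; adding step 3 with hmac-sha1-96, as in the assumed AES_SHA1 profile, clears the finding.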