![background image](http://html1.mh-extra.com/html/patton-electronics/iplink-3210-series/iplink-3210-series_getting-started-manual_4070846050.webp)
VPN configuration task list
50
IPLink 3210 Series Getting Started Guide
5 • VPN configuration
Example:
Create an IPsec policy profile
The following example defines a profile for AES-encryption at a key length of 128.
3210(cfg)#profile ipsec-policy-manual ToBurg
3210(pf-ipsma)[ToBurg]#use profile ipsec-transform AES_128
3210(pf-ipsma)[ToBurg]#session-key inbound esp-encryption 1234567890ABCDEF1234567890ABCDEF
3210(pf-ipsma)[ToBurg]#session-key outbound esp-encryption
FEDCBA0987654321FEDCBA0987654321
3210(pf-ipsma)[ToBurg]#spi inbound esp 1111
3210(pf-ipsma)[ToBurg]#spi outbound esp 2222
3210(pf-ipsma)[ToBurg]#peer 200.200.200.1
3210(pf-ipsma)[ToBurg]#mode tunnel
Creating/modifying an outgoing ACL profile for IPsec
An access control list (ACL) profile in the outgoing direction selects which outgoing traffic to encrypt and/or
authenticate, and which IPsec policy profile to use. IPsec does not require an incoming ACL.
Note
Outgoing and incoming IPsec traffic passes an ACL (if available)
twice, once before and once after encryption/authentication. So the
respective ACLs must permit the encrypted/authenticated and the
plain traffic.
For detailed information on how to set-up ACL rules, see chapter 6,
“Access control list configuration”
on
page 57.
Procedure:
To create/modify an outgoing ACL profile for IPsec
Mode:
Configure
Note
New entries are appended at the end of an ACL. Since the position in
the list is relevant, you might need to delete the ACL and rewrite it
completely.
Example:
Create/modify an ACL profile for IPsec
The following example configures an outgoing ACL profile that interconnects the two private networks
192.168.1/24 and 172.16/16.
3210(cfg)#profile acl VPN_Out
3210(pf-acl)[VPN_Out]#permit ip 192.168.1.0 0.0.0.255 172.16.0.0 0.0.255.255 ipsec-policy
ToBurg
3210(pf-acl)[VPN_Out]#permit ip any any
Step
Command
Purpose
1
node(cfg)#profile acl
name
Creates or enters the ACL profile name
2
node(pf-ipstr)[
name
]#permit ...
[ ipsec-policy
name
]
The expression ‘ipsec-policy name’ appended to a
permit ACL rule activates the IPsec policy profile
name to encrypt/authenticate the traffic identified
by this rule.
Summary of Contents for IPLink 3210 Series
Page 4: ...Summary Table of Contents IPLink 3210 Series Getting Started Guide 4...
Page 10: ...Table of Contents IPLink 3210 Series Getting Started Guide 10...
Page 18: ...About this guide IPLink 3210 Series Getting Started Guide 18...
Page 90: ...90 Chapter 8 LEDs status and monitoring Chapter contents Status LEDs 91...
Page 110: ...110 Appendix E IPLink 3210 Series factory configuration Chapter contents Introduction 111...
Page 112: ...112 Appendix F Installation checklist Chapter contents Introduction 113...