67
Chapter 6
VPN configuration
Chapter contents
Introduction
..........................................................................................................................................................68
Authentication
................................................................................................................................................68
Encryption
......................................................................................................................................................68
Transport and tunnel modes
...........................................................................................................................69
VPN configuration task list
...................................................................................................................................69
Creating an IPsec transformation profile
.........................................................................................................69
Creating an IPsec policy profile
.......................................................................................................................70
Creating/modifying an outgoing ACL profile for IPsec
...................................................................................72
Configuration of an IP interface and the IP router for IPsec
............................................................................73
Displaying IPsec configuration information
....................................................................................................73
Debugging IPsec
.............................................................................................................................................74
Sample configurations
...........................................................................................................................................75
IPsec tunnel, DES encryption
.........................................................................................................................75
OnSite configuration
.................................................................................................................................75
Cisco router configuration
........................................................................................................................76
IPsec tunnel, AES encryption at 256 bit key length, AH authentication with HMAC-SHA1-96
....................76
OnSite configuration
.................................................................................................................................76
Cisco router configuration
........................................................................................................................77
IPsec tunnel, 3DES encryption at 192 bit key length, ESP authentication with HMAC-MD5-96
..................77
OnSite configuration
.................................................................................................................................77
Cisco router configuration
........................................................................................................................77