Configuration Examples - Page 39
Task Description
Step 6
For IP Office A perform the
following.
IPSec Policies tab
•
Protocol = ESP
•
Encryption = DES
•
Authentication = MD5
•
Life Type = Seconds
•
Life = 86400
Protocol set to Encapsulating Security Payload.
Encryption set to DES
Authentication set to MD5
This is the time period before a new key is generated
(86400 represents one day in seconds).
Step 7
For IP Office B create an IPSec
tunnel.
Main tab
•
Name = IPSec_Tunnel
•
Local IP Address = 192.168.50.0
•
Local IP Mask = 255.255.255.0
•
Gateway - <LocalInterface>
•
Remote IP Address =
192.168.43.0
•
Remote IP Mask = 255.255.255.0
•
Gateway = 217.37.65.126
A unique name for the IPSec tunnel is required.
The Local IP Address/Mask is the range of IP
addresses you want to secure through the tunnel.
The Remote IP Address is the remote networks IP
address range to be secured through the tunnel.
The Gateway is the IPSec tunnel endpoint address.
Step 8
For IP Office B use the parameters
shown in Steps 5 and 6 to complete
the IKE and IPSec form
configurations.
In order for an IPSec SA to be established between
two systems the IKE and IPSec Policies form must be
identical for each peer.
Step 9
Check to see if the tunnel is up.
Using a protocol analyzer, check to see that the six
ISAKMP Main Mode messages appear.
Check to see that four Quick Mode messages appear.
This Signifies that the IPSec Tunnel is up.
When passing data through the tunnel you should see
ESP packets on the protocol analyzer.
The tunnel will be activated when routable traffic is
presented.
Step 10
For VoIP configuration refer to Part
3 VoIP Configuration on page 53
Before beginning the VoIP configurations for this
example it
must be
possible to ping between the
Internal LANs
Do not proceed until all tests are successful.
IP Office (R3.0) Virtual Private Networking
Configuration Examples - Page 39
40DHB0002UKER Issue 3 (4th February 2005)
Part 2: VPN configuration
