CHAPTER 5. IPSEC
© SAMSUNG Electronics Co., Ltd.
Remote ident(ip/mask/port):(10.0.2.0/255.255.255.0/any)
Peer Address is 172.16.0.2, PFS Group is disabled
outbound ESP sas
Spi: 0xa1f673aa
Transform: aes128(key length=128 bits), sha1
In use settings = {tunnel}
Bytes Processed 256
Hard lifetime in seconds 3290, Hard lifetime in kilobytes 413695
Soft lifetime in seconds 3200, Soft lifetime in kilobytes 37355
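An added example, not part of the Samsung manual: a Python check that parses one SA display in the format shown above and compares it with an expected policy. The names `parse_sa` and `audit_sa` and the policy parameters are assumptions; the sample text is the display from this page with its wrapped lines rejoined.

```python
import re

# SA display copied from this page, wrapped lines rejoined.
SAMPLE = """\
Remote ident(ip/mask/port):(10.0.2.0/255.255.255.0/any)
Peer Address is 172.16.0.2, PFS Group is disabled
outbound ESP sas
Spi: 0xa1f673aa
Transform: aes128(key length=128 bits), sha1
In use settings = {tunnel}
Bytes Processed 256
Hard lifetime in seconds 3290, Hard lifetime in kilobytes 413695
Soft lifetime in seconds 3200, Soft lifetime in kilobytes 37355
"""

PATTERNS = {
    "peer": r"Peer Address is (\S+?),",
    "pfs": r"PFS Group is (\w+)",
    "spi": r"Spi:\s*(0x[0-9a-fA-F]+)",
    "key_bits": r"key length=(\d+) bits",
    "hash": r"bits\),\s*(\w+)",
    "mode": r"In use settings = \{(\w+)\}",
    "hard_s": r"Hard lifetime in seconds (\d+)",
    "hard_kb": r"Hard lifetime in kilobytes (\d+)",
    "soft_s": r"Soft lifetime in seconds (\d+)",
    "soft_kb": r"Soft lifetime in kilobytes (\d+)",
}

def parse_sa(text):
    """Extract the fields of one SA display; absent fields are None."""
    text = " ".join(text.split())  # tolerate terminal line wrapping
    out = {}
    for name, pat in PATTERNS.items():
        m = re.search(pat, text)
        out[name] = m.group(1) if m else None
    return out

def audit_sa(sa, peer, key_bits, hash_alg, mode="tunnel"):
    """Return a list of findings; an empty list means the SA matches."""
    findings = []
    wanted = (("peer", peer), ("key_bits", str(key_bits)), ("hash", hash_alg), ("mode", mode))
    for field, want in wanted:
        if sa[field] != want:
            findings.append(f"{field}: expected {want}, got {sa[field]}")
    for unit in ("s", "kb"):  # soft expiry must precede hard expiry
        soft, hard = sa[f"soft_{unit}"], sa[f"hard_{unit}"]
        if soft is None or hard is None or int(soft) >= int(hard):
            findings.append(f"soft lifetime ({unit}) is not below hard lifetime")
    return findings
```

The parser reads only the first SA in the text it is given, so a display with several SAs should be split before it is passed in.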
Joining Two Private Networks Example
The following example demonstrates how to form an IP security tunnel to join
two private networks: 10.0.1.0/24 and 10.0.2.0/24. The security requirements
are as follows:
• Phase 1: 3DES with SHA1
• Phase 2: IPSec ESP with AES(256-bit) and HMAC-SHA1
Figure 5.2 Tunnel Mode Between Two Security Gateways-Single Proposals
1. Configure a WAN bundle of network type untrusted.
Router/configure/interface/bundle wan1# link t1 0/2/0
Router/configure/interface/bundle wan1# encapsulation ppp
Router/configure/interface/bundle wan1# ip address 172.16.0.1 24
Router/configure/interface/bundle wan1# crypto untrusted
Router/configure/interface/bundle wan1# exit
[Figure 5.2 labels: Router 1 and Router 2 (172.16.0.1, 172.16.0.2); trusted networks 10.0.1.0/24 and 10.0.2.0/24; IPSec ESP across the untrusted network]