Ubigate iBG2016 Configuration Guide/Ed.00
© SAMSUNG Electronics Co., Ltd.
Joining Two Networks using Multiple IPSec Proposals Example
The following example demonstrates how a security gateway can use multiple
IPSec (phase 2) proposals to form an IP security tunnel to join two private
networks: 10.0.1.0/24 and 10.0.2.0/24.
IKE Proposal offered by both Router and NW2:
- Phase 1: 3DES and SHA1
IPSec Proposals offered by Router:
- Phase 2: Proposal1: IPSec ESP with DES and HMAC-SHA1
- Phase 2: Proposal2: IPSec ESP with AES(256-bit) and HMAC-SHA1
IPSec Proposal offered by NW2:
- Phase 2: Proposal1: IPSec ESP with AES(256-bit) and HMAC-SHA1
In this example, Router offers two IPSec proposals to the peer while
the NW2 router offers only one. As a result of quick mode negotiation,
the two routers are expected to converge on a mutually acceptable
proposal, which in this example is ‘IPSec ESP with AES(256-bit) and
HMAC-SHA1’.
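The negotiation described above, modeled as an added example that is not part of the Samsung guide: the responder accepts the first offered proposal that its own policy also contains, which is a simplification of IKE quick mode. The names Proposal, select_proposal, weak_offers and audit are hypothetical, and treating DES as too weak to offer is this example's assumption.

```python
from typing import List, NamedTuple, Optional


class Proposal(NamedTuple):
    protocol: str   # e.g. "ESP"
    cipher: str     # e.g. "DES", "AES-256"
    integrity: str  # e.g. "HMAC-SHA1"


# Phase 2 proposals from the guide's example, in the order each side lists them.
ROUTER_OFFER = [
    Proposal("ESP", "DES", "HMAC-SHA1"),      # Router Proposal1
    Proposal("ESP", "AES-256", "HMAC-SHA1"),  # Router Proposal2
]
NW2_POLICY = [Proposal("ESP", "AES-256", "HMAC-SHA1")]  # NW2 Proposal1

# Assumption of this example: ciphers an auditor flags when they are offered.
WEAK_CIPHERS = {"DES"}


def select_proposal(offer: List[Proposal], policy: List[Proposal]) -> Optional[Proposal]:
    """Return the first offered proposal the responder's policy also contains.

    All fields must match exactly; None means the negotiation fails.
    """
    allowed = set(policy)
    for proposal in offer:
        if proposal in allowed:
            return proposal
    return None


def weak_offers(offer: List[Proposal]) -> List[Proposal]:
    """Offered proposals that a peer with a matching policy could accept."""
    return [p for p in offer if p.cipher in WEAK_CIPHERS]


def audit(offer: List[Proposal], policy: List[Proposal]) -> dict:
    """Summarize what is selected and whether a weak transform was on offer."""
    chosen = select_proposal(offer, policy)
    return {
        "selected": chosen,
        "weak_offered": weak_offers(offer),
        "selected_is_weak": chosen is not None and chosen.cipher in WEAK_CIPHERS,
    }


if __name__ == "__main__":
    print(audit(ROUTER_OFFER, NW2_POLICY))
```

With the guide's policies the result is AES(256-bit) with HMAC-SHA1, but only because NW2 does not list DES; the DES proposal remains in Router's offer and is reported in weak_offered.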
Figure 5.3 Tunnel Mode Between Two Security Gateways-Multiple Proposals
1. Configure a WAN bundle of network type untrusted.
Router/configure/interface/bundle wan1# link t1 0/2/0
Router/configure/interface/bundle wan1# encapsulation ppp
Router/configure/interface/bundle wan1# ip address 172.16.0.1 24
Router/configure/interface/bundle wan1# crypto untrusted
Router/configure/interface/bundle wan1# exit
[Figure 5.3 labels: Router 1 (172.16.0.1) and Router 2 (172.16.0.2) joined by an IPSec ESP tunnel across the UNTRUSTED link, with TRUSTED networks 10.0.1.0/24 and 10.0.2.0/24 behind them.]