ADTRAN Stub Routing Specifications Page 288

Crypto Map Manual Command Set Command Reference Guide
288 © 2003 ADTRAN, Inc. 61950860L1-35D
AES-128-CBC    128 bits in length; 16 hexadecimal bytes
AES-192-CBC    192 bits in length; 24 hexadecimal bytes
AES-256-CBC    256 bits in length; 32 hexadecimal bytes
md5            128 bits in length; 16 hexadecimal bytes
sha1           160 bits in length; 20 hexadecimal bytes
Technology Review
The following example configures an ADTRAN OS product for VPN using IPSec manual keys. This example
assumes that the ADTRAN OS product has been configured with a WAN IP Address of 192.168.1.1 on
interface ethernet 0/1 and a LAN IP Address of 10.10.10.254 on interface ethernet 0/2. The Peer Private IP
Subnet is 10.10.20.0.
For more detailed information on VPN configuration, refer to the technical support note Configuring VPN
located on the NetVanta 3000 Series System Manual CD provided with your unit.
Step 1:
Enter the Global configuration mode (i.e., config terminal mode).
>enable
#configure terminal
Step 2:
Enable VPN support using the ip crypto command. This command allows crypto maps to be applied to
interfaces, and enables the IKE server to listen for IKE negotiation sessions on UDP port 500.
(config)#ip crypto
Step 3:
Define the transform-set. A transform-set defines the encryption and/or authentication algorithms to be used to
secure the data transmitted over the VPN tunnel. Multiple transform-sets may be defined in a system. Once a
transform-set is defined, many different crypto maps within the system can reference it. In this example, a
transform-set named highly_secure has been created. This transform-set defines ESP with Authentication
implemented using 3DES encryption and SHA1 authentication.
(config)#crypto ipsec transform-set highly_secure esp-3des esp-sha-hmac
(cfg-crypto-trans)#mode tunnel
Step 4:
Define an ip-access list. An Extended Access Control List is used to specify which traffic needs to be sent
securely over the VPN tunnel. The entries in the list are defined with respect to the local system. The source
IP address will be the source of the traffic to be encrypted. The destination IP address will be the receiver of
the data on the other side of the VPN tunnel.
(config)#ip access-list extended corporate_traffic
(config-ext-nacl)#permit ip 10.10.10.0 0.0.0.255 10.10.20.0 0.0.0.255 log
(config-ext-nacl)#deny ip any any
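To check which traffic the access list in Step 4 selects for the VPN tunnel, the following added example (not part of the ADTRAN manual) evaluates the two entries against a packet's source and destination using wildcard-mask matching. It assumes first-match ordering and that traffic matching no entry is not selected; the function names are hypothetical.

```python
import ipaddress

def _to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def parse_entry(line):
    """Parse 'permit|deny ip <src> <dst> [log]'; each side is
    'any' or '<address> <wildcard>'."""
    tokens = line.split()
    if len(tokens) < 2 or tokens[0] not in ("permit", "deny") or tokens[1] != "ip":
        raise ValueError(f"unsupported entry: {line!r}")
    action, rest = tokens[0], tokens[2:]
    sides = []
    for _ in range(2):
        if rest and rest[0] == "any":
            sides.append((0, 0xFFFFFFFF))  # every bit is "don't care"
            rest = rest[1:]
        elif len(rest) >= 2:
            sides.append((_to_int(rest[0]), _to_int(rest[1])))
            rest = rest[2:]
        else:
            raise ValueError(f"incomplete entry: {line!r}")
    if rest not in ([], ["log"]):
        raise ValueError(f"unexpected trailing tokens: {rest}")
    return action, sides[0], sides[1]

def _matches(addr, side):
    base, wildcard = side
    # Wildcard bits set to 1 are ignored; all other bits must equal the base.
    return ((_to_int(addr) ^ base) & ~wildcard & 0xFFFFFFFF) == 0

def selected_for_tunnel(acl_lines, src, dst):
    """Assumed semantics: first matching entry wins, 'permit' selects the
    packet for the tunnel, and no match means not selected."""
    for line in acl_lines:
        action, src_side, dst_side = parse_entry(line)
        if _matches(src, src_side) and _matches(dst, dst_side):
            return action == "permit"
    return False

# The two entries from Step 4 of this page.
CORPORATE_TRAFFIC = [
    "permit ip 10.10.10.0 0.0.0.255 10.10.20.0 0.0.0.255 log",
    "deny ip any any",
]

if __name__ == "__main__":
    for src, dst in [("10.10.10.5", "10.10.20.9"), ("10.10.20.9", "10.10.10.5")]:
        print(src, "->", dst, selected_for_tunnel(CORPORATE_TRAFFIC, src, dst))
```

Because the entries are written with respect to the local system, the reversed pair (peer subnet as source) is not selected by this list.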