CHAPTER 17: CONFIGURING IPSEC

On router 2, set up the PPTP tunnel from 170.0.0.1 to 180.0.0.1 by following these steps:

1 Set the system name of router 2 to "router2" by entering:

SETDefault scid="router2"

2 Create a virtual port that will accept connection requests from only router1 by entering:

ADD !v1 -POrt VirtualPort scid"router1"

3 Assign an IP address to the tunnel virtual port by entering:

SETDefault !v1 -IP NETaddr=20.0.0.2 255.255.0.0

4 Create a route between two tunnel endpoints by entering:

ADD -IP ROUte 170.0.0.1 !1 1

5 Add a static route to send traffic over the PPTP tunnel by entering the following command, or turn on routing protocols on the corresponding virtual port:

ADD -IP ROUte 130.0.0.0 255.255.0.0 !v1 1

6 Assign the peer dial number to the PPTP tunnel dial number list by entering:

ADD !v1 -POrt DialNoList "@170.0.0.1" Type=pptp

7 Optionally, set the dial idle time-out to zero to keep the tunnel from timing out by entering:

SETDefault !v1 -POrt DialIdleTime=0

8 Enable Layer 2 Tunnelling (PPTP) by entering:

SETDefault -L2Tunnel CONTrol=Enable

9 Configure an IPSEC policy/security association by entering:

ADD !1 -IPSEC manualPOLicy pptp_ahesp AhEspXport tcp,gre 170.0.0.1 180.0.0.1

ADD -IPSEC keyset pptp_key EncryptKey "hello124" AuthKey "world678"

SETDefault !1 -IPSEC ManualKeyInfo=pptp_ahesp pptp_key SpiEsp 501 500 SpiAh 601 600

SETDefault !1 -IPSEC CONTrol=Enable

Establishing the Dialup Tunnel

After all the configuration is completed at both ends of the connection, you can dial the PPTP tunnel from either end by entering:

DIal !v1
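The keyset in step 9 uses short strings of lowercase letters and digits (`hello124`, `world678`) as manual keys. The following Python audit is an added example, not part of the 3Com manual: it parses the three step 9 command forms from a saved configuration listing and flags manual keys that fall below a strength threshold. The function names, the 64-bit threshold and the sample listing are assumptions for illustration.

```python
import math
import re
import string

# Constructed sample: the IPsec commands from step 9, as a saved listing.
SAMPLE_CONFIG = """\
ADD !1 -IPSEC manualPOLicy pptp_ahesp AhEspXport tcp,gre 170.0.0.1 180.0.0.1
ADD -IPSEC keyset pptp_key EncryptKey "hello124" AuthKey "world678"
SETDefault !1 -IPSEC ManualKeyInfo=pptp_ahesp pptp_key SpiEsp 501 500 SpiAh 601 600
"""

KEYSET_RE = re.compile(
    r'ADD\s+-IPSEC\s+keyset\s+(\S+)\s+EncryptKey\s+"([^"]*)"\s+AuthKey\s+"([^"]*)"',
    re.IGNORECASE)
KEYINFO_RE = re.compile(r'-IPSEC\s+ManualKeyInfo=(\S+)\s+(\S+)', re.IGNORECASE)
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def charset_bits(key):
    """Upper bound on key strength in bits, assuming each character was drawn
    uniformly from the character classes the key uses. Real words score lower."""
    pool = sum(len(c) for c in CLASSES if any(ch in c for ch in key))
    return len(key) * math.log2(pool) if pool else 0.0


def audit(config, min_bits=64.0):
    """Return (policy, keyset, field, bits) for every manual key that a policy
    references and that falls below min_bits (assumed threshold, not 3Com's)."""
    keysets = {m.group(1): {"EncryptKey": m.group(2), "AuthKey": m.group(3)}
               for m in KEYSET_RE.finditer(config)}
    findings = []
    for policy, keyset in KEYINFO_RE.findall(config):
        if keyset not in keysets:
            # Policy points at a keyset that is not defined in this listing.
            findings.append((policy, keyset, "undefined keyset", 0.0))
            continue
        for field, key in keysets[keyset].items():
            bits = charset_bits(key)
            if bits < min_bits:
                findings.append((policy, keyset, field, round(bits, 1)))
    return findings


if __name__ == "__main__":
    for policy, keyset, field, bits in audit(SAMPLE_CONFIG):
        print(f"policy {policy}: keyset {keyset} {field} ~{bits} bits at most")
```

The findings carry only the policy, keyset and field names, so the report can be shared without exposing the key material itself.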

How IPsec Works

IPsec integrates security directly into IP. IPsec provides three main areas of security: authentication, which validates the communicating parties; integrity, which makes sure the data has not been altered; and privacy, which ensures the data cannot be intercepted and viewed.

IPsec secures the underlying network layer. That way, an IPsec link is secure regardless of the application.
