branch office 2
7. Check feature licences
Check that you have a 3DES feature licence for the ISAKMP policy.
show feature
You can purchase feature licences from your Allied Telesis distributor.
If necessary, install the licence, using the password provided by your distributor.
enable feature=3des
8. Configure the VPNs for connecting to the headquarters office
Enable IPsec.
enable ipsec
In this example, the IPsec SA specification proposes:
• ISAKMP as the key management protocol
• ESP as the IPsec protocol
• 3DES as the encryption algorithm for ESP
• SHA as the hashing algorithm for ESP authentication
Create an SA specification for the headquarters office.
create ipsec sas=1 key=isakmp prot=esp enc=3desouter hasha=sha
Note that the branch office 2 router has no connections from roaming VPN clients, so it does not need SA specifications for them.
Create an IPsec bundle for the SA specification.
create ipsec bund=1 key=isakmp string="1"
Create an IPsec policy to permit ISAKMP messages to bypass IPsec.
create ipsec pol=isakmp int=ppp0 ac=permit lp=500 rp=500
Create an IPsec policy for the VPN traffic between headquarters and branch office 2. Identify the traffic by its local and remote
create ipsec pol=hq int=ppp0 ac=ipsec key=isakmp bund=1 peer=200.200.200.1 isa=hq lad=192.168.142.0 lma=255.255.255.0 rad=192.168.0.0 rma=255.255.0.0
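A check for the policy above, as an added example that is not part of the original How To Note: it parses the lad/lma and rad/rma selectors from a "create ipsec pol" command and confirms that the policy on the other end of the tunnel mirrors them, since mismatched selectors are a common reason a tunnel fails to come up. The headquarters command, its policy and ISAKMP names, its interface and the peer placeholder are constructed for the example, and the function names are hypothetical.

```python
import ipaddress
import shlex

# From the page: branch office 2's policy for traffic to headquarters.
BRANCH2 = ("create ipsec pol=hq int=ppp0 ac=ipsec key=isakmp bund=1 "
           "peer=200.200.200.1 isa=hq lad=192.168.142.0 lma=255.255.255.0 "
           "rad=192.168.0.0 rma=255.255.0.0")
# Constructed sample (assumption): what the matching headquarters policy
# could look like. Names, interface and peer placeholder are not from the page.
HQ_CONSTRUCTED = ("create ipsec pol=branch2 int=ppp0 ac=ipsec key=isakmp bund=1 "
                  "peer=<branch2-public-ip> isa=branch2 lad=192.168.0.0 "
                  "lma=255.255.0.0 rad=192.168.142.0 rma=255.255.255.0")

def parse_policy(line):
    """Split a 'create ipsec ...' command into a dict of key=value parameters."""
    tokens = shlex.split(line)
    if [t.lower() for t in tokens[:2]] != ["create", "ipsec"]:
        raise ValueError("not a 'create ipsec' command")
    params = {}
    for tok in tokens[2:]:
        key, sep, value = tok.partition("=")
        if not sep:
            raise ValueError(f"parameter without a value: {tok}")
        params[key.lower()] = value
    return params

def selector(params, addr_key, mask_key):
    """Build a network from an address/mask pair.
    strict=True raises ValueError if the address has bits set outside the mask."""
    return ipaddress.ip_network(f"{params[addr_key]}/{params[mask_key]}", strict=True)

def check_pair(line_a, line_b):
    """Return a list of problems; an empty list means the selectors mirror."""
    a, b = parse_policy(line_a), parse_policy(line_b)
    problems = []
    for p in (a, b):
        if p.get("ac", "").lower() != "ipsec":
            problems.append(f"pol={p.get('pol')}: action is not ipsec")
    if selector(a, "lad", "lma") != selector(b, "rad", "rma"):
        problems.append(f"pol={a['pol']} local selector != pol={b['pol']} remote selector")
    if selector(a, "rad", "rma") != selector(b, "lad", "lma"):
        problems.append(f"pol={a['pol']} remote selector != pol={b['pol']} local selector")
    return problems

if __name__ == "__main__":
    for problem in check_pair(BRANCH2, HQ_CONSTRUCTED) or ["selectors mirror each other"]:
        print(problem)
```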
Page 27 AlliedWare™ OS How To Note: VPNs for Corporate Networks