Chapter 12: IKE/IPsec Commands

Efficient Networks® Router family

 

Command Line Interface Guide

 

 

Example

The following commands suggest how a virtual interface could be defined for use with Network Address Translation and an IPSec tunnel.

#The address of the corporate LAN is 192.168.0.0, but the desired
#NAT address is 10.0.0.1, so you create a virtual interface (0:99),
#turn off RIP for the interface, and assign it the address 10.0.0.1/24.
-> eth add 0:99
-> eth ip opt txrip off 0:99
-> eth ip opt rxrip off 0:99
-> eth ip addr 10.0.0.1 255.255.255.0 0:99

#Next, enable NAT for the virtual interface and route traffic to
#the corporate backbone (192.168.0.0/16) through the virtual interface.
-> eth ip translate on 0:99
-> eth ip addroute 192.168.0.0 255.255.0.0 10.0.0.0.1 0:99

#Later, when you set up the IKE tunnel, include these commands
#when defining a policy. (The policy name is corporate.)
#The source address must be the virtual interface address.
#The destination address must be the corporate backbone address.
#ike ipsec policies set source 10.0.0.1 255.255.255.255 corporate
#ike ipsec policies set dest 192.168.0.0 255.255.0.0 corporate
#ike ipsec policies set translate on corporate

Response

Command prompt.
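
A consistency check for the example configuration above, added here and not part of the original manual: it verifies the two rules stated in the comments (policy source is the virtual interface address, policy destination is the routed backbone network), that translation is on at both ends, and that every address is well formed. The argument order of each command is assumed to be exactly as shown in the example; `SAMPLE`, `ip` and `check` are hypothetical names.

```python
import ipaddress

# Constructed sample: the commands from the example above, with the policy
# lines uncommented. The addroute gateway token is kept exactly as shown there.
SAMPLE = """\
eth add 0:99
eth ip addr 10.0.0.1 255.255.255.0 0:99
eth ip translate on 0:99
eth ip addroute 192.168.0.0 255.255.0.0 10.0.0.0.1 0:99
ike ipsec policies set source 10.0.0.1 255.255.255.255 corporate
ike ipsec policies set dest 192.168.0.0 255.255.0.0 corporate
ike ipsec policies set translate on corporate
"""

def ip(token, problems):
    """Parse a dotted-quad token; record it as a problem if malformed."""
    try:
        return ipaddress.IPv4Address(token)
    except ValueError:
        problems.append(f"malformed IPv4 address: {token}")
        return None

def check(config, iface, policy):
    """Return a list of inconsistencies between interface, route and policy."""
    problems, seen = [], {}
    for line in config.splitlines():
        t = line.split()
        if t[:3] == ["eth", "ip", "addr"] and len(t) == 6 and t[-1] == iface:
            seen["if_addr"] = ip(t[3], problems)
        elif t[:3] == ["eth", "ip", "addroute"] and len(t) == 7 and t[-1] == iface:
            seen["route"] = (ip(t[3], problems), ip(t[4], problems))
            ip(t[5], problems)  # the gateway only has to be well formed here
        elif t[:4] == ["eth", "ip", "translate", "on"] and t[-1] == iface:
            seen["if_nat"] = True
        elif t[:4] == ["ike", "ipsec", "policies", "set"] and t[-1] == policy:
            if len(t) == 8 and t[4] in ("source", "dest"):
                seen[t[4]] = (ip(t[5], problems), ip(t[6], problems))
            elif t[4:6] == ["translate", "on"]:
                seen["pol_nat"] = True
    host = ipaddress.IPv4Address("255.255.255.255")
    if seen.get("source") != (seen.get("if_addr"), host):
        problems.append("policy source is not the virtual interface address (/32)")
    if "dest" not in seen or seen["dest"] != seen.get("route"):
        problems.append("policy dest does not match the route through the interface")
    if not (seen.get("if_nat") and seen.get("pol_nat")):
        problems.append("translate must be on for both the interface and the policy")
    return problems
```

Calling `check(SAMPLE, "0:99", "corporate")` returns the list of problems found; an empty list means the interface, route and policy agree.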

ike ipsec proposals add

Defines the name of an IKE IPSec proposal. The proposal commands define the proposals exchanged to set up an IPSec security association (SA), that is, an SA to be used for the user data transfer. (See “IKE IPSec Proposal Commands” on page 5-58.)

Mgmt Class

Security (R/W)

Input Format

ike ipsec proposals add <proposalname>
