Chapter 7 VPN

STEP 1  IPSec Security Association Setup — configure the Peer IP address, terminated security zone, and keying mode.

STEP 2  Select the Keying Mode, either IKE or Manual.

        Manual keying is only recommended for testing as this mode is not secure.

STEP 3  Set up the keys used to authenticate the VPN connection. Depending on the keying mode selected, specify the parameters for IKE Setup or Manual Setup.

STEP 4  Tunnel Setup—select the method to route VPN traffic on the local and remote networks. In this step, you can also enable NAT if you want to perform NAT on traffic entering a VPN tunnel, or configure a VPN Supernet for a hub-and-spoke network (for details, see the Concepts Guide).

For additional information on IPSec SA Configuration, see the following topics:

“IPSec Security Association Configuration Parameters” on page 190

“Edit the Default SA for Client-to-Site VPN Connections using L2TP over IPSec” on page 194

“Configure an IPSec SA for a Site-to-Site VPN Connection” on page 195

“Edit the Default SA for Site-to-Site VPN Connections” on page 197

IPSec Security Association Configuration Parameters

The following table describes the IPSec SA configuration parameters. To review the parameter descriptions for a particular group of settings, see the following links:

“IPSec Security Association Setup” on page 190

“Keying Mode” on page 191

“IKE Setup:” on page 191

“Manual Setup:” on page 192

“Tunnel Setup” on page 193

Table 7–3: IPSec Security Association Configuration Parameters

| Parameter | Description |
| --- | --- |
| IPSec Security Association Setup | |
| Name | Enter the name for the Security Association. When a VPN connection is established using IPSec, this name identifies the SA used to make the connection on the IPSec Status page. |
| Peer IP Address | Enter the IP address of the terminating X family or other network device (the target of the VPN link). Note: If you set this to 0.0.0.0, the IPSec can only terminate VPNs. |

190 X Family LSM User’s Guide V 2.5.1