Chapter 3. Command Reference

 

remote < default-route dhcp group group-name subnet ip netmask netmask range ip1 ip2 >

Select the destination IP addresses that can be reached over this IPSec tunnel by specifying an IP address group, subnet, or range. Choose default-route if this device uses this IPSec tunnel as its default route for all network traffic that does not have a more specific route. Choose dhcp if the remote device receives IP addresses by DHCP over this IPSec tunnel.

zone zone

Specify the security zone on which you want the VPN terminated.

Using conf t vpn ipsec

create and enter the context of an SA

Use configure terminal vpn ipsec sa to create and enter the context of a Security Association. In this example, an SA called tunnelone is created. The next command line is within the context of the SA.

hostname# conf t vpn ipsec add tunnelone
hostname# conf t vpn ipsec sa tunnelone
hostname(tunnelone)#

configure the IP address of the IPSec gateway

Use peer in the context of an SA to configure the IP address of the IPSec gateway. In this example, the IPSec gateway 192.168.1.5 is configured within the context of the SA tunnelone:

hostname(tunnelone)# peer 192.168.1.5

configure the termination zone

Use zone within the context of an SA to configure the security zone where a VPN tunnel will terminate. In this example, the termination zone is set to LAN within the context of the SA tunnelone:

hostname(tunnelone)# zone LAN

configure the keying mode

Use key within the context of an SA to configure the keying mode. In this example, set in the context of the SA tunnelone, the keying mode is set to IKE with the proposal ike-proposal1, the peer ID is xyz.abc.com and the shared secret is bananas!:

hostname(tunnelone)# key ike proposal ike-proposal1 peer-id xyz.abc.com shared-secret bananas!

configure the destination network

Use tunnel within the context of an SA to set the destination network of the tunnel. In the example, the destination network is configured on the subnet 192.168.2.0 and netmask 255.255.255.0:

hostname(tunnelone)# tunnel subnet 192.168.2.0 netmask 255.255.255.0
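
An added example, not taken from the X Family documentation: a Python check that parses a saved transcript of the SA-context commands shown above and reports missing settings, an invalid peer address, a subnet that does not match its netmask, and a shared secret below a local minimum length. The transcript layout, the function names and the 20-character threshold are assumptions.

```python
import ipaddress
import re

# Constructed transcript using only the SA-context commands shown on this page.
SAMPLE = """\
hostname(tunnelone)# peer 192.168.1.5
hostname(tunnelone)# zone LAN
hostname(tunnelone)# key ike proposal ike-proposal1 peer-id xyz.abc.com shared-secret bananas!
hostname(tunnelone)# tunnel subnet 192.168.2.0 netmask 255.255.255.0
"""

MIN_SECRET_LEN = 20  # assumed local policy value, not a device limit
PROMPT = re.compile(r"^\S+\((?P<sa>[^)]+)\)#\s+(?P<cmd>\S+)\s*(?P<args>.*)$")


def parse_sas(text):
    """Group SA-context commands by SA name: {sa: {command: [args, ...]}}."""
    sas = {}
    for line in text.splitlines():
        m = PROMPT.match(line.strip())
        if m:  # lines outside an SA context (e.g. "hostname# ...") are skipped
            sas.setdefault(m["sa"], {})[m["cmd"]] = m["args"].split()
    return sas


def audit_sa(name, cmds):
    """Return a list of findings for one SA (empty list means no findings)."""
    required = ("peer", "zone", "key", "tunnel")
    findings = [f"{name}: missing '{c}'" for c in required if c not in cmds]
    if "peer" in cmds:
        try:
            ipaddress.ip_address(cmds["peer"][0])
        except (ValueError, IndexError):
            findings.append(f"{name}: peer is not a valid IP address")
    key = cmds.get("key", [])
    if "shared-secret" in key:
        secret = (key[key.index("shared-secret") + 1:] or [""])[0]
        if len(secret) < MIN_SECRET_LEN:
            findings.append(f"{name}: shared secret shorter than {MIN_SECRET_LEN} characters")
    tun = cmds.get("tunnel", [])
    if len(tun) >= 4 and tun[0] == "subnet" and tun[2] == "netmask":
        try:  # strict=True rejects host bits and non-contiguous masks
            ipaddress.ip_network(f"{tun[1]}/{tun[3]}", strict=True)
        except ValueError:
            findings.append(f"{name}: subnet {tun[1]} has host bits set or netmask {tun[3]} is invalid")
    return findings
```

Run against the sample, the only finding is the length of the example shared secret; the peer, zone and tunnel lines pass.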

 

 

 

conf t vpn l2tp

The configure terminal vpn l2tp command configures an L2TP VPN connection.

76 X Family CLI Reference V 2.5.1