Example IPSec connection, applying the default peer concept

Chapter 6

Advanced Features

SpeedTouch™ [1] IPSec peer configuration:

[ipsec peer]=>add
name = rempeer2
:ipsec peer add name=rempeer2
[ipsec peer]=>modify
name = rempeer2
[remoteaddr] = 40.0.0.2
[backupaddr] =
[exchmode] = main
[localid] =
[remoteid] = (addr)40.0.0.2
[phyif] = DIALUP_PPPOE
[descr] = AES_MD5
[auth] = secret1
[client/server] =
[options] =
:ipsec peer modify name=rempeer2 remoteaddr=40.0.0.2 remoteid=(addr)40.0.0.2
[ipsec peer]=>

The parameter localid can remain either unset, or an identifier type can be used that is independent of the IP address, such as the userfqdn.

SpeedTouch™ [2] IPSec peer configuration:

[ipsec peer]=>add
name = rempeer1
:ipsec peer add name=rempeer1
[ipsec peer]=>modify
name = rempeer1
[remoteaddr] = 0.0.0.0
[backupaddr] =
[exchmode] = main
[localid] = (addr)40.0.0.2
[remoteid] =
[phyif] = DIALUP_PPPOE
[descr] = 3DES_MD5
[auth] = secret1
[client/server] =
[options] =
:ipsec peer modify name=rempeer1 remoteaddr=0.0.0.0 exchmode=main phyif=DIALUP_PPPOE descr=3DES_MD5 auth=secret1
[ipsec peer]=>

The parameter remoteid remains unset. Any value will be accepted during the Phase 1 negotiation.

When configured with a default peer, the SpeedTouch™ [2] will never be able to initiate outgoing connections as it does not know any IP address of a remote peer. It can operate in responder mode only.
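The peer-selection rules stated above, as an added example that is not SpeedTouch code: a simplified model in which an exact remoteaddr match is preferred over the default peer (remoteaddr 0.0.0.0), an unset remoteid accepts any Phase 1 identity, and a default peer can only respond. The exact-match-first ordering and the open_peers check are assumptions for illustration.

```python
# Added example, not SpeedTouch code: a simplified model of how a responder
# chooses the peer entry for an incoming Phase 1 negotiation, following the
# rules the page states. Assumed: an exact remoteaddr match beats the default
# peer; a peer accepts the identity when remoteid is unset or equal to it.
from dataclasses import dataclass
from typing import List, Optional

DEFAULT_PEER_ADDR = "0.0.0.0"   # remoteaddr of a default peer


@dataclass
class Peer:
    name: str
    remoteaddr: str
    remoteid: Optional[str] = None   # e.g. "(addr)40.0.0.2"; None = unset
    localid: Optional[str] = None
    auth: str = ""                   # name of the preshared-key descriptor

    def is_default(self) -> bool:
        return self.remoteaddr == DEFAULT_PEER_ADDR

    def can_initiate(self) -> bool:
        # A default peer knows no remote address, so it can only respond.
        return not self.is_default()


def select_peer(peers: List[Peer], src_addr: str, peer_id: str) -> Optional[Peer]:
    """Return the peer entry that accepts this source address and identity,
    or None when no entry matches (the negotiation is rejected)."""
    exact = [p for p in peers if p.remoteaddr == src_addr]
    candidates = exact or [p for p in peers if p.is_default()]
    for p in candidates:
        if p.remoteid is None or p.remoteid == peer_id:
            return p
    return None


def open_peers(peers: List[Peer]) -> List[str]:
    """Names of entries that accept any address and any identity; these
    rely on the preshared secret alone and deserve a configuration review."""
    return [p.name for p in peers if p.is_default() and p.remoteid is None]


# The two configurations from the page, as constructed objects.
ST1 = [Peer("rempeer2", "40.0.0.2", remoteid="(addr)40.0.0.2", auth="secret1")]
ST2 = [Peer("rempeer1", DEFAULT_PEER_ADDR, localid="(addr)40.0.0.2", auth="secret1")]

if __name__ == "__main__":
    # SpeedTouch [2] responds to [1] although it knows no address for it.
    print(select_peer(ST2, "30.0.0.1", "(addr)30.0.0.1").name)  # rempeer1
    # SpeedTouch [1] only accepts 40.0.0.2 presenting (addr)40.0.0.2.
    print(select_peer(ST1, "40.0.0.2", "(addr)99.0.0.1"))       # None
    print([p.name for p in ST2 if p.can_initiate()])            # []
```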

E-DOC-CTC-20051017-0169 v0.1

199
