OnSite 2800 Series User Manual | 6 • VPN configuration |
|
|
Transport and tunnel modes
The mode determines the payload of the ESP packet and hence the application:
•Transport mode: Encapsulates only the payload of the original IP packet, but not its header, so the IPsec peers must be at the endpoints of the communications link.
•A secure connection between two hosts is the application of the transport mode.
•Tunnel mode: Encapsulates the payload and the header of the original IP packet. The IPsec peers can be (edge) routers that are not at the endpoints of the communications link.
A secure connection of the two (private) LANs, a ‘tunnel’, is the application of the tunnel mode.
VPN configuration task list
To configure a VPN connection, perform the following tasks:
•Creating an IPsec transformation profile
•Creating an IPsec policy profile
•Creating/modifying an outgoing ACL profile for IPsec
•Configuration of an IP Interface and the IP router for IPsec
•Displaying IPsec configuration information
•Debugging IPsec
Creating an IPsec transformation profile
The IPsec transformation profile defines which authentication and/or encryption protocols, which authentica- tion and/or encryption algorithms shall be applied.
Procedure: To create an IPsec transformation profile
Mode: Configure
Step | Command | Purpose |
|
|
|
1 | node(cfg)#profile | Creates the IPsec transformation profile name |
2 | Enables encryption and defines the encryp- | |
optional | tion algorithm and the key length | |
|
|
|
3 | Enables authentication and defines the | |
optional | | authentication protocol and the hash algo- |
| rithm | |
|
|
|
Use no in front of the above commands to delete a profile or a configuration entry.
Example: Create an IPsec transformation profile
The following example defines a profile for
2800(cfg)#profile
VPN configuration task list | 69 |
