SmartWare Software Configuration Guide

32 • VPN configuration

 

 

Sample configurations

The following sample configurations establish IPsec connections between a SmartNode and a Cisco router. To interconnect two SmartNodes instead, derive the configuration for the second SmartNode by making the following modifications:

Swap ‘inbound’ and ‘outbound’ settings

Adjust the ‘peer’ setting

Swap the private networks in the ACL profiles

Adjust the IP addresses of the LAN and WAN interfaces

Adjust the route for the remote network

IPsec tunnel, DES encryption

SmartNode configuration

profile ipsec-transform DES
  esp-encryption des-cbc 64

profile ipsec-policy-manual VPN_DES
  use profile ipsec-transform DES
  session-key inbound esp-encryption 1234567890ABCDEF
  session-key outbound esp-encryption FEDCBA0987654321
  spi inbound esp 1111
  spi outbound esp 2222
  peer 200.200.200.1
  mode tunnel

profile acl VPN_Out
  permit ip 192.168.1.0 0.0.0.255 172.16.0.0 0.0.255.255 ipsec-policy VPN_DES
  permit ip any any

profile acl VPN_In
  permit esp any any
  permit ah any any
  permit ip 172.16.0.0 0.0.255.255 192.168.1.0 0.0.0.255
  deny ip any any

context ip router
  interface LAN
    ipaddress 192.168.1.1 255.255.255.0

  interface WAN
    ipaddress 200.200.200.2 255.255.255.252
    use profile acl VPN_In in
    use profile acl VPN_Out out

context ip router
  route 0.0.0.0 0.0.0.0 200.200.200.1 0
  route 172.16.0.0 255.255.0.0 WAN 0
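The five modifications listed above, applied mechanically: this added example (not part of the original guide, and not Patton code) renders both ends of the tunnel from one description and checks that the manual keys and SPIs mirror each other. The names A, B, render and mirrored are hypothetical; node B's LAN address (172.16.0.1) and default gateway are assumptions for a back-to-back SmartNode pair.

```python
# Constructed tunnel description. A holds the sample's values; B's "lan" and
# "gw" are assumed. "key"/"spi" are what the node RECEIVES with (its inbound SA).
# The keys and SPIs are the guide's sample values and must be replaced in real use.
A = dict(wan="200.200.200.2", gw="200.200.200.1", lan="192.168.1.1", mask="255.255.255.0",
         net="192.168.1.0", wild="0.0.0.255", key="1234567890ABCDEF", spi=1111)
B = dict(wan="200.200.200.1", gw="200.200.200.2", lan="172.16.0.1", mask="255.255.0.0",
         net="172.16.0.0", wild="0.0.255.255", key="FEDCBA0987654321", spi=2222)

TEMPLATE = """\
profile ipsec-transform DES
  esp-encryption des-cbc 64
profile ipsec-policy-manual VPN_DES
  use profile ipsec-transform DES
  session-key inbound esp-encryption {me[key]}
  session-key outbound esp-encryption {peer[key]}
  spi inbound esp {me[spi]}
  spi outbound esp {peer[spi]}
  peer {peer[wan]}
  mode tunnel
profile acl VPN_Out
  permit ip {me[net]} {me[wild]} {peer[net]} {peer[wild]} ipsec-policy VPN_DES
  permit ip any any
profile acl VPN_In
  permit esp any any
  permit ah any any
  permit ip {peer[net]} {peer[wild]} {me[net]} {me[wild]}
  deny ip any any
context ip router
  interface LAN
    ipaddress {me[lan]} {me[mask]}
  interface WAN
    ipaddress {me[wan]} 255.255.255.252
    use profile acl VPN_In in
    use profile acl VPN_Out out
context ip router
  route 0.0.0.0 0.0.0.0 {me[gw]} 0
  route {peer[net]} {peer[mask]} WAN 0
"""

def render(me, peer):
    """Configuration for node `me`; swapping the arguments gives the other end."""
    return TEMPLATE.format(me=me, peer=peer)

def mirrored(cfg_a, cfg_b):
    """True if each node's inbound key/SPI lines equal the other's outbound ones."""
    def sa(cfg, direction):
        return {line.strip().replace(f" {direction} ", " ")
                for line in cfg.splitlines() if f" {direction} " in line}
    return sa(cfg_a, "inbound") == sa(cfg_b, "outbound") and sa(cfg_a, "outbound") == sa(cfg_b, "inbound")
```

render(A, B) reproduces the SmartNode sample above and render(B, A) is the second SmartNode; mirrored() can also be run on two hand-edited configurations to catch a key or SPI that was not swapped.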

Patton electronic SmartNode 4110 Series manual IPsec tunnel, DES encryption, SmartNode configuration