SmartWare Software Configuration Guide 32 • VPN configuration

Cisco router configuration

crypto ipsec transform-set DES esp-des

!

crypto map VPN_DES local-address FastEthernet0/1

crypto map VPN_DES 10 ipsec-manual

set peer 200.200.200.2

set session-key inbound esp 2222 cipher FEDCBA0987654321

set session-key outbound esp 1111 cipher 1234567890ABCDEF

set transform-set DES

match address 110

!

access-list 110 permit ip 172.16.0.0 0.0.255.255 192.168.1.0 0.0.0.255

!

interface FastEthernet0/0

ip address 172.16.1.1 255.255.0.0

!

interface FastEthernet0/1

ip address 200.200.200.1 255.255.255.252

crypto map VPN_DES

!

ip route 192.168.1.0 255.255.255.0 FastEthernet0/1

IPsec tunnel, AES encryption at 256 bit key length, AH authentication with HMAC-SHA1-96

SmartNode configuration

profile ipsec-transform AES_SHA1

esp-encryption aes-cbc 256

ah-authentication hmac-sha1-96

profile ipsec-policy-manual VPN_AES_SHA1

use profile ipsec-transform AES_SHA1

session-key inbound ah-authentication 1234567890ABCDEF1234567890ABCDEF12345678

session-key outbound ah-authentication FEDCBA0987654321FEDCBA0987654321FEDCBA09

session-key inbound esp-encryption 1234567890ABCDEF1234567890ABCDEF1234567890ABCDEF1234567890ABCDEF

session-key outbound esp-encryption FEDCBA0987654321FEDCBA0987654321FEDCBA0987654321FEDCBA0987654321

spi inbound ah 3333

spi outbound ah 4444

spi inbound esp 5555

spi outbound esp 6666

peer 200.200.200.1

mode tunnel

...

For the rest of the configuration, see above; just change the name of the IPsec policy profile in the ACL profile ‘VPN_Out’.
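Added example, not part of the original guide: a Python check over the transform, key and SPI lines of the SmartNode policy above. It verifies that each manual session key has the length its transform needs, flags keys that are a short block repeated (as the sample keys in this guide are), and lists the values as the remote peer must hold them. The function names and the KEY_BITS table are assumptions of this example; the 160-bit HMAC-SHA1 key size matches the 40 hex digits used above.

```python
KEY_BITS = {"aes-cbc 256": 256, "hmac-sha1-96": 160}  # assumed key size per transform
FLIP = {"inbound": "outbound", "outbound": "inbound"}

# Transform, key and SPI lines of the SmartNode policy shown on this page.
SAMPLE = """\
esp-encryption aes-cbc 256
ah-authentication hmac-sha1-96
session-key inbound ah-authentication 1234567890ABCDEF1234567890ABCDEF12345678
session-key outbound ah-authentication FEDCBA0987654321FEDCBA0987654321FEDCBA09
session-key inbound esp-encryption 1234567890ABCDEF1234567890ABCDEF1234567890ABCDEF1234567890ABCDEF
session-key outbound esp-encryption FEDCBA0987654321FEDCBA0987654321FEDCBA0987654321FEDCBA0987654321
spi inbound ah 3333
spi outbound ah 4444
spi inbound esp 5555
spi outbound esp 6666
"""

def parse(text):
    """Collect transform settings, session keys and SPIs from the policy lines."""
    transform, keys, spis = {}, {}, {}
    for tok in (line.split() for line in text.splitlines()):
        if len(tok) >= 2 and tok[0] in ("esp-encryption", "ah-authentication"):
            transform[tok[0]] = " ".join(tok[1:])
        elif len(tok) == 4 and tok[0] == "session-key":
            keys[(tok[1], tok[2])] = tok[3]
        elif len(tok) == 4 and tok[0] == "spi":
            spis[(tok[1], tok[2])] = int(tok[3])
    return transform, keys, spis

def repeats(key):
    """True when the key is one short block repeated, as in documentation samples."""
    return any(key == (key[:p] * len(key))[:len(key)] for p in range(1, len(key) // 2 + 1))

def lint(text):
    """Return findings: wrong key length for the transform, or a patterned key."""
    transform, keys, _ = parse(text)
    findings = []
    for (direction, proto), key in sorted(keys.items()):
        need = KEY_BITS.get(transform.get(proto))
        if need is not None and len(key) * 4 != need:
            findings.append(f"{direction} {proto}: {len(key) * 4}-bit key, {need} needed")
        if repeats(key):
            findings.append(f"{direction} {proto}: key is a repeated pattern")
    return findings

def peer_view(text):
    """Keys and SPIs as the remote peer must hold them (directions swapped)."""
    _, keys, spis = parse(text)
    return {(FLIP[d], p): v for (d, p), v in {**keys, **spis}.items()}
```

Run against the policy above, lint() reports all four session keys as repeated patterns, which is the signal that sample keys from a manual were never replaced with random ones.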

Cisco router configuration

crypto ipsec transform-set AES_SHA1 ah-sha-hmac esp-aes 256

!

crypto map VPN_AES_SHA1 local-address FastEthernet0/1

crypto map VPN_AES_SHA1 10 ipsec-manual

set peer 200.200.200.2
