
Command Reference Guide Crypto Map Manual Command Set
61950860L1-35D © 2003 ADTRAN, Inc. 289
Step 5:
Create crypto map and define manual keys. A Crypto Map is used to define a set of encryption schemes to be
used for a given interface. A crypto map entry has a unique index within the crypto map set. The crypto map
entry will specify whether IKE is used to generate encryption keys or if manually specified keys will be used.
The crypto map entry will also specify who will be terminating the VPN tunnel, as well as which transform-set
or sets will be used to encrypt and/or authenticate the traffic on that VPN tunnel. It also specifies the lifetime of
all created IPSec Security Associations.
The keys for the algorithms defined in the transform-set associated with the crypto map will be defined by
using the set session-key command. A separate key is needed for both inbound and outbound traffic. The
key format consists of a string of hexadecimal values without the leading 0x for each character. For example,
a cipher key of "this is my cipher key" would be entered as: 74686973206973206D7920636970686572206B6579.
A unique Security Parameter Index (SPI) is needed for both inbound and outbound traffic. The local system’s
inbound SPI and keys will be the peer’s outbound SPI and keys. The local system’s outbound SPI and keys
will be the peer’s inbound SPI and keys. In this example the following keys and SPIs are used:
• Inbound cipher SPI: 300
• Inbound cipher key: "2te$#g89jnr(j!@4rvnfhg5e"
• Outbound cipher SPI: 400
• Outbound cipher key: "8564hgjelrign*&(gnb#1$d3"
• Inbound authenticator key: "r5%^ughembkdhj34$x.<"
• Outbound authenticator key: "io78*7gner#4(mgnsd!3"
(config)#crypto map corporate_vpn 1 ipsec-manual
(config-crypto-map)#match address corporate_traffic
(config-crypto-map)#set peer 192.168.1.2
(config-crypto-map)#set transform-set highly_secure
(config-crypto-map)#set session-key inbound esp 300 cipher 32746524236738396A6E72286A21403472766E6668673565 authenticator 7235255E756768656D626B64686A333424782E3C
(config-crypto-map)#set session-key outbound esp 400 cipher 3835363468676A656C7269676E2A2628676E622331246433 authenticator 696F37382A37676E65722334286D676E73642133
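The key encoding and the inbound/outbound mirroring described in Step 5, as an added example that is not part of the ADTRAN guide: a Python script that renders the sample keys above as set session-key commands for the local unit and swaps the directions for the peer. The helper names are assumptions, and the equal-key-length check assumes one transform-set serves both directions.

```python
# Added example: builds "set session-key" lines from the sample keys in Step 5
# and mirrors them for the peer. All helper names here are hypothetical.

def to_hex_key(text):
    """Encode each character as two uppercase hex digits, no leading 0x."""
    return text.encode("ascii").hex().upper()

def session_key_cmd(direction, spi, cipher_key, auth_key):
    """Return one complete 'set session-key' command (a single CLI line)."""
    return (f"set session-key {direction} esp {spi} "
            f"cipher {to_hex_key(cipher_key)} "
            f"authenticator {to_hex_key(auth_key)}")

def check_keys(sas):
    """Reject SPI reuse and key-length mismatches between directions."""
    inbound, outbound = sas["inbound"], sas["outbound"]
    if inbound["spi"] == outbound["spi"]:
        raise ValueError("inbound and outbound SPI must differ")
    # Assumption: the same transform-set is used for both directions.
    for field in ("cipher", "auth"):
        if len(inbound[field]) != len(outbound[field]):
            raise ValueError(f"{field} key lengths differ between directions")

def commands(sas):
    """Validate the SA pair, then return the inbound and outbound commands."""
    check_keys(sas)
    return [session_key_cmd(d, sas[d]["spi"], sas[d]["cipher"], sas[d]["auth"])
            for d in ("inbound", "outbound")]

def peer_view(sas):
    """The peer's inbound SA is the local outbound SA, and vice versa."""
    return {"inbound": sas["outbound"], "outbound": sas["inbound"]}

# Keys and SPIs exactly as listed in Step 5 of this page.
LOCAL = {
    "inbound":  {"spi": 300, "cipher": "2te$#g89jnr(j!@4rvnfhg5e",
                 "auth": "r5%^ughembkdhj34$x.<"},
    "outbound": {"spi": 400, "cipher": "8564hgjelrign*&(gnb#1$d3",
                 "auth": "io78*7gner#4(mgnsd!3"},
}

if __name__ == "__main__":
    for title, sas in (("local", LOCAL), ("peer", peer_view(LOCAL))):
        print(f"! {title} unit")
        for line in commands(sas):
            print("(config-crypto-map)#" + line)
```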
Step 6:
Configure public interface. This process includes configuring the IP address for the interface and applying the
appropriate crypto map to the interface. Crypto maps are applied to the interface on which encrypted traffic will
be transmitted.
(config)#interface ethernet 0/1
(config-eth 0/1)#ip address 192.168.1.1 255.255.255.0
(config-eth 0/1)#crypto map corporate_vpn
(config-eth 0/1)#no shutdown
Step 7:
Configure private interface and add a static route to allow all traffic destined for the VPN tunnel to be routed to
the appropriate gateway.
(config)#interface ethernet 0/2
(config-eth 0/2)#ip address 10.10.10.254 255.255.255.0
(config-eth 0/2)#no shutdown
(config-eth 0/2)#exit
(config)#ip route 10.10.20.0 255.255.255.0 192.168.1.2
Technology Review (Continued)