Product specifications
Chapter 5: System Security
Efficient Networks® Router family Technical Reference Guide, Page 5-62
Requires that the data come from the specified source IP address and mask.
-> ike ipsec policies set dest <ipaddress> <ipmask> <policyname>
Requires that the data be intended for the specified destination IP address and mask.
-> ike ipsec policies set translate on | off <policyname>
Determines whether the router applies NAT (network address translation) before the
packets are encrypted by IPSec. If translate is set to on, the packets are sent using
the host router's public IP address. The remote must have IP address translation
enabled (see Network Address Translation (NAT) on page 4-17). The address that
NAT translates to should be the source or destination address for the policy (use the
set source or set dest commands).
-> ike ipsec policies set protocol <protocol | tcp | udp | *> <policyname>
Requires a specific protocol that must be used or allows any protocol (*).
-> ike ipsec policies set sourceport <portnumber | telnet | http | smtp | tftp | *> <policyname>
Requires a specific source port for the data or allows any source port (*). (Because
port numbers are TCP and UDP specific, a port filter is effective only when the
protocol filter is TCP or UDP.)
-> ike ipsec policies set destport <portnumber | telnet | http | smtp | tftp | *> <policyname>
Requires a specific destination port for the data or allows any destination port (*).
(Because port numbers are TCP and UDP specific, a port filter is effective only when
the protocol filter is TCP or UDP.)
-> ike ipsec policies set interface <interface> <policyname>
Requires a specific interface that must be used or allows all interfaces (all). The policy
is only used when the specified interface is connected. The specified interface must
be the interface to the IKE peer.
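The following Python model is an added illustration of how the selectors set by the commands above decide whether a packet belongs to a policy; it is not the router's firmware. It parses the command syntax shown on this page, then evaluates a packet against the source/dest networks, protocol, ports and interface, and it implements two caveats from the text: a port filter is ignored unless the protocol filter is tcp or udp, and with translate on the selectors see the router's public address rather than the original source. The `set source` syntax is assumed to mirror `set dest`, the interface name `wan` and all addresses are constructed sample values, and the exact matching semantics are an assumption drawn from the descriptions, not confirmed by the manual.

```python
"""Model of the `ike ipsec policies set ...` selectors (added example, not
router code).  Matching semantics are assumptions drawn from the command
descriptions on this page."""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional

# Named ports the sourceport/destport commands accept, per the page.
NAMED_PORTS = {"telnet": 23, "http": 80, "smtp": 25, "tftp": 69}


def parse_port(value: str) -> Optional[int]:
    """Return a port number, or None for the wildcard '*'."""
    if value == "*":
        return None
    if value in NAMED_PORTS:
        return NAMED_PORTS[value]
    port = int(value)
    if not 0 <= port <= 65535:
        raise ValueError(f"port out of range: {value}")
    return port


@dataclass
class Policy:
    name: str
    source: Optional[ipaddress.IPv4Network] = None  # address + mask
    dest: Optional[ipaddress.IPv4Network] = None
    translate: bool = False
    protocol: str = "*"                 # '*', 'tcp', 'udp' or a protocol number
    sourceport: Optional[int] = None    # None means '*'
    destport: Optional[int] = None
    interface: str = "all"


@dataclass
class Packet:
    src: str
    dst: str
    protocol: str                       # 'tcp', 'udp', 'icmp', ... (lower case)
    sport: Optional[int] = None
    dport: Optional[int] = None
    interface: str = "wan"              # egress interface; 'wan' is an assumed name


def apply_command(policies: Dict[str, Policy], line: str) -> Policy:
    """Parse one 'ike ipsec policies set <field> <args> <policyname>' line."""
    words = line.split()
    if words[:4] != ["ike", "ipsec", "policies", "set"] or len(words) < 7:
        raise ValueError(f"not a policy command: {line!r}")
    field, args, name = words[4], words[5:-1], words[-1]
    pol = policies.setdefault(name, Policy(name))
    if field in ("source", "dest"):      # 'set source' assumed to mirror 'set dest'
        addr, mask = args
        setattr(pol, field, ipaddress.IPv4Network(f"{addr}/{mask}", strict=False))
    elif field == "translate":
        (flag,) = args
        if flag not in ("on", "off"):
            raise ValueError(f"translate expects on|off, got {flag!r}")
        pol.translate = flag == "on"
    elif field == "protocol":
        (proto,) = args
        pol.protocol = proto.lower()
    elif field in ("sourceport", "destport"):
        (port,) = args
        setattr(pol, field, parse_port(port))
    elif field == "interface":
        (pol.interface,) = args
    else:
        raise ValueError(f"unknown selector {field!r}")
    return pol


def matches(pol: Policy, pkt: Packet, public_ip: Optional[str] = None,
            connected=("wan",)) -> bool:
    """Does the packet fall under the policy's selectors?"""
    # Policy is used only while its interface is connected; 'all' accepts any.
    if pol.interface != "all" and (pol.interface not in connected
                                   or pkt.interface != pol.interface):
        return False
    # translate on: NAT runs before IPsec, so selectors see the public address.
    src = public_ip if (pol.translate and public_ip) else pkt.src
    if pol.source is not None and ipaddress.IPv4Address(src) not in pol.source:
        return False
    if pol.dest is not None and ipaddress.IPv4Address(pkt.dst) not in pol.dest:
        return False
    if pol.protocol != "*" and pkt.protocol != pol.protocol:
        return False
    # Page caveat: port filters only take effect when the protocol is tcp or udp.
    if pol.protocol in ("tcp", "udp"):
        if pol.sourceport is not None and pkt.sport != pol.sourceport:
            return False
        if pol.destport is not None and pkt.dport != pol.destport:
            return False
    return True


def lint(pol: Policy, public_ip: Optional[str] = None) -> List[str]:
    """Flag selector combinations that, per the page, do not behave as intended."""
    out = []
    if pol.protocol not in ("tcp", "udp") and (pol.sourceport is not None
                                               or pol.destport is not None):
        out.append(f"{pol.name}: port filter has no effect with protocol {pol.protocol!r}")
    if pol.translate and public_ip:
        ip = ipaddress.IPv4Address(public_ip)
        if not ((pol.source and ip in pol.source) or (pol.dest and ip in pol.dest)):
            out.append(f"{pol.name}: translate on but {public_ip} not in source/dest selector")
    return out


# Constructed sample commands; addresses are documentation ranges, not a real site.
SAMPLE_COMMANDS = [
    "ike ipsec policies set source 192.168.1.0 255.255.255.0 toHQ",
    "ike ipsec policies set dest 10.0.0.0 255.255.0.0 toHQ",
    "ike ipsec policies set protocol tcp toHQ",
    "ike ipsec policies set destport http toHQ",
    "ike ipsec policies set interface all toHQ",
    "ike ipsec policies set source 192.168.1.0 255.255.255.0 anyProto",
    "ike ipsec policies set dest 10.0.0.0 255.255.0.0 anyProto",
    "ike ipsec policies set protocol * anyProto",
    "ike ipsec policies set destport http anyProto",
]


def build_policies(lines=SAMPLE_COMMANDS) -> Dict[str, Policy]:
    policies: Dict[str, Policy] = {}
    for line in lines:
        apply_command(policies, line)
    return policies


if __name__ == "__main__":
    pols = build_policies()
    web = Packet("192.168.1.10", "10.0.5.1", "tcp", 40000, 80)
    dns = Packet("192.168.1.10", "10.0.5.1", "udp", 40001, 53)
    print("toHQ web:", matches(pols["toHQ"], web))           # True
    print("toHQ dns:", matches(pols["toHQ"], dns))           # False: protocol mismatch
    print("anyProto dns:", matches(pols["anyProto"], dns))   # True: port filter ignored
    print(lint(pols["anyProto"]))
```

The `anyProto` policy shows why the port caveat matters for a policy review: `destport http` with `protocol *` looks like a restriction but matches UDP/53 all the same, which `lint` reports. Turning `translate` on for `toHQ` without widening its source selector to cover the NAT address is the second case `lint` catches, since after translation the packet no longer falls under the policy.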
IKE Configuration Examples
This section shows two simple IKE configurations. The installation CD also contains
sample configuration files. These files can be edited for your installation and copied to
the router using TFTP or the Windows Quick Start application. For more information
on TFTP use, see Batch File Command Execution xxx.
The first example in this section shows an IKE configuration that uses main mode for
a secure connection between two routers with fixed IP addresses. The second
example shows how the first configuration must change when one of the routers no
longer has a fixed IP address, thus requiring aggressive mode.