Product specifications
Chapter 5: System Security Efficient Networks
®
Router family
Technical Reference Guide
Page 5-64 Efficient Networks
®
# Describe the branch office IKE phase 1 connection
# DES encryption
# MD5 authentication
# Diffie-Hellman group 2 key exchange
# 24-hour timeout
# Unlimited data
ike proposals add branch_proposal
ike proposals set encryption des branch_proposal
ike proposals set message_auth md5 branch_proposal
ike proposals set dh_group 2 branch_proposal
ike proposals set lifetime 86400 branch_proposal
# Describe the desired IPSec connection
# Triple-DES encryption
# SHA1 authentication
# 30-minute timeout
# Unlimited data
ike ipsec proposals add branch_ipsec_prop
ike ipsec proposals set espenc 3des branch_ipsec_prop
ike ipsec proposals set espauth sha1 branch_ipsec_prop
ike ipsec proposals set lifetime 1800 branch_ipsec_prop
ike ipsec proposals set lifedata 0 branch_ipsec_prop
# Describe the packets to be encrypted
# All packets from network 192.168.19.0/24 to network
192.168.16.0/24
ike ipsec policies add branch_policy
ike ipsec policies set source 192.168.16.0 255.255.255.0
branch_policy
ike ipsec policies set dest 192.168.19.0 255.255.255.0
branch_policy
ike ipsec policies set peer branch_peer branch_policy
ike ipsec policies set proposal branch_ipsec_prop branch_policy
# Enable the IKE connection
ike ipsec policies enable branch_policy
# Save the setup and reboot
save
reboot
This is the file for the branch office router: