Product specifications

ManualsBrandsEfficient Networks ManualsComputer equipmentRouter family Command line interface

201

202

203

204

205

206

207

208

209

210

Chapter 5: System Security Efficient Networks

Router family

Technical Reference Guide

Page 5-66 Efficient Networks

ike ipsec policies add home_policy

ike ipsec policies set source 192.168.19.0 255.255.255.0

home_policy

ike ipsec policies set dest 192.168.16.0 255.255.255.0

home_policy

ike ipsec policies set peer home_peer home_policy

ike ipsec policies set proposal home_ipsec_prop home_policy

# Enable the IKE connection

ike ipsec policies enable home_policy

# Save the setup and reboot

save

reboot

Aggressive Mode Example

This example supposes, like the preceding main mode example, that a secure

connection is needed between a home office router and a branch office router.

However, now the DSL connection for the branch office router does not provide a

fixed IP address for the branch office router. Thus, an aggressive mode IKE

configuration is required.

To change the main mode configuration to an aggressive mode configuration, you

only need to change the ike peers commands. All the other IKE commands remain

the same. Change the mode to aggressive and change the address of the router that

has no fixed address to 0.0.0.0, and specify either its e-mail address or domain name.

NOTE:

Remember to save and reboot each router after entering the configuration changes.

Change the ike peers commands in the home office router configuration to the

following:

Figure 5-9: Aggressive Mode Example

Public Network

Home Office

Router

Branch Office

Router

Home

Office

Private

Network

Branch

Office

Private

Network

192.168.16.X

192.168.17.200

192.168.19.X

(No fixed IP address)

Domain: branchoffice.big.com