Specifications
144 Chapter 5. Configuring Software Options
IKE Configuration Examples
This section shows two simple IKE configurations. The installation CD also contains sample configuration files.
These files can be edited for your installation and copied to the router using TFTP or the Windows Quick Start
application. For more information on TFTP use, see Batch File Command Execution, page 166.
The first example in this section shows an IKE configuration that uses main mode for a secure connection
between two routers with fixed IP addresses. The second example shows how the first configuration must change
when one of the routers no longer has a fixed IP address, thus requiring aggressive mode.
Main Mode Example
The following example lists two setup files that configure two routers for an IKE main mode connection. The two
routers are referred to as the home office router and the branch office router.
The configuration sets up a secure connection between the two routers across a public network; thus, the routers
are identified by their public IP addresses on the ike peers commands. The packets that are transmitted through
this secure connection are from devices in the home office and branch office networks. These networks use
private addresses, and thus the packets contain private IP addresses. The ike ipsec policies commands specify
these private source and destination addresses.
This is the file for the home office router:
# Home office example using IKE
# Home router private network addresses are 192.168.16.X
# Home router public address is 192.168.17.200
# Branch router private network addresses are 192.168.19.X
# Branch router public address is 192.168.18.201
# Describe the branch office peer
# IKE main mode is used because the branch office has a fixed IP address
# (192.168.18.201). The shared secret is "ThisIsASecret12345;)"
ike peers add branch_peer
ike peers set mode main branch_peer
ike peers set address 192.168.18.201 branch_peer
ike peers set secret ThisIsASecret12345;) branch_peer
# Describe the branch office IKE phase 1 connection
# DES encryption
[Figure: Home Office Router (private network 192.168.16.X, public address 192.168.17.200) connected across the Public Network to the Branch Office Router (public address 192.168.18.201, private network 192.168.19.X)]
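A main mode connection only comes up if each router names the other by its public address and both sides agree on the mode and the shared secret. The following check is an added example, not part of the original manual or its CD: it parses only the ike peers commands shown above, and the branch-side file and the peer name home_peer are constructed assumptions.

```python
# Added example: consistency check over the "ike peers" lines of two routers.
HOME_CFG = """\
ike peers add branch_peer
ike peers set mode main branch_peer
ike peers set address 192.168.18.201 branch_peer
ike peers set secret ThisIsASecret12345;) branch_peer
"""
# Constructed for this example (assumption): mirror file, peer name home_peer.
BRANCH_CFG = """\
ike peers add home_peer
ike peers set mode main home_peer
ike peers set address 192.168.17.200 home_peer
ike peers set secret ThisIsASecret12345;) home_peer
"""

def parse_peers(text):
    """Return {peer_name: {attribute: value}} from 'ike peers' commands."""
    peers = {}
    for line in text.splitlines():
        words = line.split()
        if line.lstrip().startswith("#") or words[:2] != ["ike", "peers"]:
            continue
        if words[2:3] == ["add"] and len(words) == 4:
            peers.setdefault(words[3], {})
        elif words[2:3] == ["set"] and len(words) == 6:
            attr, value, name = words[3:6]
            peers.setdefault(name, {})[attr] = value
    return peers

def check_pair(cfg_a, cfg_b, public_a, public_b):
    """List mismatches between router A's and router B's peer definitions."""
    peers_a, peers_b = parse_peers(cfg_a), parse_peers(cfg_b)
    problems = []
    for name, peer in list(peers_a.items()) + list(peers_b.items()):
        if peer.get("mode") == "main" and "address" not in peer:
            problems.append(f"{name}: main mode needs the peer's fixed address")
    # Each side must describe the other by its public address.
    a_to_b = next((p for p in peers_a.values() if p.get("address") == public_b), None)
    b_to_a = next((p for p in peers_b.values() if p.get("address") == public_a), None)
    if a_to_b is None or b_to_a is None:
        problems.append("a router has no peer entry for the other's public address")
        return problems
    if a_to_b.get("mode") != b_to_a.get("mode"):
        problems.append("mode mismatch")
    if a_to_b.get("secret") != b_to_a.get("secret"):
        problems.append("shared secret mismatch")  # the secret itself is never printed
    return problems

if __name__ == "__main__":
    print(check_pair(HOME_CFG, BRANCH_CFG, "192.168.17.200", "192.168.18.201") or "consistent")
```

Running it against both setup files before copying them to the routers catches a mistyped secret or address without writing the secret to any output.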