Specifications
Chapter 5. Configuring Software Options 145
# MD5 authentication
# Diffie-Hellman group 2 key exchange
# 24-hour timeout
# Unlimited data
ike proposals add branch_proposal
ike proposals set encryption des branch_proposal
ike proposals set message_auth md5 branch_proposal
ike proposals set dh_group 2 branch_proposal
ike proposals set lifetime 86400 branch_proposal
# Describe the desired IPSec connection
# Triple-DES encryption
# SHA1 authentication
# 30-minute timeout
# Unlimited data
ike ipsec proposals add branch_ipsec_prop
ike ipsec proposals set espenc 3des branch_ipsec_prop
ike ipsec proposals set espauth sha1 branch_ipsec_prop
ike ipsec proposals set lifetime 1800 branch_ipsec_prop
ike ipsec proposals set lifedata 0 branch_ipsec_prop
# Describe the packets to be encrypted
# All packets from network 192.168.19.0/24 to network 192.168.16.0/24
ike ipsec policies add branch_policy
ike ipsec policies set source 192.168.16.0 255.255.255.0 branch_policy
ike ipsec policies set dest 192.168.19.0 255.255.255.0 branch_policy
ike ipsec policies set peer branch_peer branch_policy
ike ipsec policies set proposal branch_ipsec_prop branch_policy
# Enable the IKE connection
ike ipsec policies enable branch_policy
# Save the setup and reboot
save
reboot
This is the file for the branch office router:
# Branch office example using IKE
# Home router private network addresses are 192.168.16.X
# Home router public address is 192.168.17.200
# Branch router private network addresses are 192.168.19.X
# Branch router public address is 192.168.18.201