Specifications
146 Chapter 5. Configuring Software Options
# Describe the home office peer
# IKE main mode is used because the home office has a fixed IP address
# (192.168.17.200). The shared secret is ýThisIsASecret12345;)ý
ike peers add home_peer
ike peers set mode main home_peer
ike peers set address 192.168.17.200 home_peer
ike peers set secret ThisIsASecret12345;) home_peer
# Describe the home office IKE phase 1 connection
# DES encryption
# MD5 authentication
# Diffie-Hellman group 2 key exchange
# 24-hour timeout
# Unlimited data
ike proposals add home_proposal
ike proposals set encryption des home_proposal
ike proposals set message_auth md5 home_proposal
ike proposals set dh_group 2 home_proposal
ike proposals set lifetime 86400 home_proposal
# Describe the desired IPSec connection
# Triple-DES encryption
# SHA1 authentication
# 30-minute timeout
# Unlimited data
ike ipsec proposals add home_ipsec_prop
ike ipsec proposals set espenc 3des home_ipsec_prop
ike ipsec proposals set espauth sha1 home_ipsec_prop
ike ipsec proposals set lifetime 1800 home_ipsec_prop
ike ipsec proposals set lifedata 0 home_ipsec_prop
# Describe the packets to be encrypted
# All packets from network 192.168.16.0/24 to network 192.168.19.0/24
ike ipsec policies add home_policy
ike ipsec policies set source 192.168.19.0 255.255.255.0 home_policy
ike ipsec policies set dest 192.168.16.0 255.255.255.0 home_policy
ike ipsec policies set peer home_peer home_policy
ike ipsec policies set proposal home_ipsec_prop home_policy
# Enable the IKE connection
ike ipsec policies enable home_policy
# Save the setup and reboot