Specifications

ManualsBrandsEfficient Networks ManualsComputer equipmentRouter family Command line interface

141

142

143

144

145

146

147

148

149

150

Chapter 5. Configuring Software Options 147

save

reboot

Aggressive Mode Example

This example supposes, like the preceding main mode example, that a secure connection is needed between a

home office router and a branch office router. However, now the DSL connection for the branch office router does

not provide a fixed IP address for the branch office router. Thus, an aggressive mode IKE configuration is

required.

To change the main mode configuration to an aggressive mode configuration, you only need to change the ike

peers commands. All the other IKE commands remain the same. Change the mode to aggressive and change the

address of the router that has no fixed address to 0.0.0.0, and specify either its e-mail address or domain name.

Note: Remember to save and reboot each router after entering the configuration changes.

Change the ike peers commands in the home office router configuration to the following:

#Describe the branch office peer

#IKE aggressive mode is required because the branch office does not have

#a fixed IP address. The shared secret is ÒThisIsASecret12345;)Ó

ike peers add branch_peer

ike peers set mode aggressive branch_peer

ike peers set address 0.0.0.0 branch_peer

ike peers set secret ThisIsASecret12345;) branch_peer

ike peers set peeridtype domainname branch_peer

ike peers set peerid branchoffice.big.com branch_peer

ike peers set localidtype ipaddr branch_peer

ike peers set localid 192.168.17.200 branch_peer

Change the ike peers commands in the branch office router configuration to the following:

#Describe the home office peer

#IKE aggressive mode is required because the branch office does not have

#a fixed IP address. The shared secret is ÒThisIsASecret12345;)Ó

ike peers add home_peer

ike peers set mode aggressive home_peer

ike peers set address 192.168.17.200 home_peer

ike peers set secret ThisIsASecret12345;) home_peer

ike peers set peeridtype ipaddr home_peer

ike peers set peerid 192.168.17.200 home_peer

Public Network

Home Office

Router

Branch Office

Router

Home

Office

Private

Network

Branch

Office

Private

Network

192.168.16.X

192.168.17.200

192.168.19.X

(No fixed IP address)

Domain: branchoffice.big.com