Manualshelf

Specifications

ManualsBrandsEfficient Networks ManualsComputer equipmentRouter family Command line interface
341342343344345346347348349350
Chapter 8. Command Reference 341
protected network. (See the example below.) You can use the eth ip addhostmapping command (page 230) to
map a range of NAT addresses to private addresses so the IKE tunnel can be initiated from either end.
on | off Sets the translate option on or off. If translate is set to on, translation is applied before
encryption, and the packets are sent using the host routerÕs public IP address.
PolicyName Name of the IPsec policy to which the source port parameter value is added. To see the
policy names, use the ike ipsec policies list command.
Example:
The following commands suggest how a virtual interface could be defined for use with Network Address
Translation and an IPSec tunnel.
# The address of the corporate LAN is 192.168.0.0, but the desired
# NAT address is 10.0.0.1 so you create a virtual interface (0:99),
# turn off RIP for the interface, and assign it the address 10.0.0.1/24.
eth add 0:99
eth ip opt txrip off 0:99
eth ip opt rxrip off 0:99
eth ip addr 10.0.0.1 255.255.255.0 0:99
#
# Next, enable NAT for the virtual interface and route traffic to the
# the corporate backbone (192.168.0.0/16) through the virtual interface.
eth ip translate on 0:99
eth ip addroute 192.168.0.0 255.255.0.0 10.0.0.0.1 0:99
# Later, when you set up the IKE tunnel, include these commands
# when defining a policy. (The policy name is corporate.)
# The source address must be the virtual interface address.
# The destination address must be the corporate backbone address.
# ike ipsec policies set source 10.0.0.1 255.255.255.255 corporate
# ike ipsec policies set dest 192.168.0.0 255.255.0.0 corporate
# ike ipsec policies set translate on corporate
IKE IPSEC PROPOSALS ADD
Defines the name of an IKE IPSec proposal. The proposal commands define the proposals exchanged to set up an
IPSec security association (SA), that is, an SA to be used for the user data transfer. See IKE IPSec Proposal
Commands, on page 141.
ProposalName New name for an IPsec proposal. To see the proposal names in use, use the ike ipsec
proposals list command.
Example: ike ipsec proposals add myproposal
ike ipsec policies set translate on | off <PolicyName>
ike ipsec proposals add <ProposalName>