XSR User’s Guide
Chapter 11 Configuring a Simple VPN Site-to-Site Application
Configuring the Virtual Private Network
lifetime. You can specify an SA lifetime in both seconds and kilobytes; whichever limit is reached first triggers a rekey.
XSR(config)#crypto ipsec transform-set esp-3des-sha esp-3des esp-sha-hmac
+ Names transform-set with encryption and data integrity values
XSR(cfg-crypto-tran)#set pfs group1
+ Sets PFS group number
XSR(cfg-crypto-tran)#set security-association lifetime [kilobytes | seconds]
+ Sets SA lifetime in either kilobytes or seconds
7. Configure three crypto map Test entries which correlate with specified transform-sets and ACLs 140, 130 and 120, attach the map to a remote peer, configure an independent SA for each traffic stream to a host, and select your choice of IPSec mode. Crypto map match statements render the associated ACLs bi-directional.
XSR(config)#crypto map Test 40
+ Adds crypto map Test, sequence #40
XSR(config-crypto-m)#set transform-set esp-3des-sha
+ Correlates map with the specified transform set
XSR(config-crypto-m)#match address 140
+ Applies map to ACL 140 and renders the ACL bi-directional
XSR(config-crypto-m)#set peer 1.1.1.2
+ Attaches map to peer
XSR(config-crypto-m)#mode [tunnel | transport]
+ Selects IPSec mode for XSR-to-XSR (tunnel) or host to XSR (transport)
XSR(config-crypto-m)#set security-association level per-host
+ Sets a separate SA for every traffic flow
XSR(config)#crypto map Test 20
+ Adds crypto map Test, sequence #20
XSR(config-crypto-m)#set transform-set esp-3des esp-sha-hmc
+ Correlates map with the specified transform set
XSR(config-crypto-m)#match address 120
+ Applies map to ACL 120 and renders the ACL bi-directional
XSR(config-crypto-m)#set peer 1.1.1.3
+ Attaches map to peer
XSR(config-crypto-m)#mode [tunnel | transport]
+ Selects IPSec mode
XSR(config-crypto-m)#set security-association level per-host
+ Sets a separate SA for every traffic flow
XSR(config)#crypto map Test 30
+ Adds crypto map Test, sequence #30
XSR(config-crypto-m)#set transform-set esp-des esp-sha-hmc
+ Correlates map with the specified transform set
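The following lint is an added example, not part of the XSR guide: a Python check over CLI lines in the syntax shown in this section that reports crypto map entries whose transform-set name is not defined, that lack a peer or ACL, or that rely on single DES or PFS group1. The sample configuration, the des-sha set name, and the reading of esp-des as a DES transform keyword (by analogy with esp-3des) are assumptions.

```python
import re

# Constructed sample in the CLI syntax used on this page; not a real device config.
SAMPLE = """\
XSR(config)#crypto ipsec transform-set esp-3des-sha esp-3des esp-sha-hmac
XSR(cfg-crypto-tran)#set pfs group1
XSR(config)#crypto ipsec transform-set des-sha esp-des esp-sha-hmac
XSR(config)#crypto map Test 40
XSR(config-crypto-m)#set transform-set esp-3des-sha
XSR(config-crypto-m)#match address 140
XSR(config-crypto-m)#set peer 1.1.1.2
XSR(config)#crypto map Test 20
XSR(config-crypto-m)#set transform-set esp-3des esp-sha-hmc
XSR(config-crypto-m)#match address 120
XSR(config-crypto-m)#set peer 1.1.1.3
XSR(config)#crypto map Test 30
XSR(config-crypto-m)#set transform-set des-sha
XSR(config-crypto-m)#match address 130
"""

def audit(config):
    """Return (map sequence, finding) pairs for the crypto map entries in config."""
    sets, maps, cur = {}, [], {}
    for raw in config.splitlines():
        tok = re.sub(r"^\S+#", "", raw.strip()).split()  # drop the CLI prompt
        if tok[:3] == ["crypto", "ipsec", "transform-set"] and len(tok) > 3:
            cur = sets[tok[3]] = {"transforms": tok[4:]}  # name -> its transforms
        elif tok[:2] == ["crypto", "map"] and len(tok) == 4:
            cur = {"seq": tok[3], "refs": []}
            maps.append(cur)
        elif tok[:2] == ["set", "transform-set"]:
            cur["refs"] = tok[2:]  # every token is treated as a set name
        elif len(tok) == 3 and tok[0] in ("set", "match"):
            cur[tok[1]] = tok[2]  # records pfs, peer, address
    out = []
    for m in maps:
        out += [(m["seq"], f"no {k} set") for k in ("address", "peer") if k not in m]
        for name in m["refs"]:
            ts = sets.get(name)
            if ts is None:
                out.append((m["seq"], f"transform-set {name} is not defined"))
                continue
            if "esp-des" in ts["transforms"]:
                out.append((m["seq"], f"{name} uses single DES"))
            if ts.get("pfs") == "group1":
                out.append((m["seq"], f"{name} uses PFS group1 (768-bit DH)"))
    return out

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

A name is reported as undefined only relative to the lines passed in, so feed the function the full configuration rather than a single page of it.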