Configuration manual

54 VPN configuration

NN47928-501NN47928-501

5 Set the identity of the other end of the connection. The address must match the

"VPN remote identity" value set in the ‘Configuring remote identity’:

isakmp peer identity ipv4 <remote-IP-address>

6 Configure the IP address of the remote end of the tunnel:

set peer <remote-IP-address>

7 Set the identity of the BSG of the connection:

isakmp local identity ipv4 <IP-addr-of-BSG>

8 Set the IKE phase 1 values

isakmp policy encryption aes-192 hash sha1 dh group5 exch

<exch-mode> lifetime <lifetime-units> <lifetime-value>

9 Set the IKE phase 2 values

crypto map ipsec encryption esp aes-192 authentication esp

sha1 pfs group5 lifetime <lifetime-units> <lifetime-value>

10 Configure the sources and destinations to which this policy applies

access-list apply any source <source-IP>

<source-subnet-mask> destination <dest-IP>

<dest-subnet-mask>

11 Exit crypto configuration mode:

exit

The system is now in global configuration mode.

12 Enter interface configuration mode on the WAN interface:

interface <WAN-interface-type> <WAN-interface-id>

13 Assign the cryptographic policy to the WAN interface:

crypto map <policy-name>

14 Exit from all configuration modes:

end

End

Variable definitions

The following table describes the variables and values for configuring IKE preshared secret.

Variable Value

policy-name

A IPsec policy name.

Each policy must have a unique name.

The range is 1 to 63 characters.

Policy name ALL is not allowed.

remote-IP-address

IP address of the other end of the VPN connection.

IP-addr-of-BSG

The IP address of this BSG.