Setup guide
• transport mode example using ESP with automatic keying (IKE with a pre-shared secret) and
automatic policy generation on Router 1 and a static policy on Router 2
• for Router1
[admin@Router1] > ip ipsec peer add address=1.0.0.0/24 \
\... secret="gvejimezyfopmekun" generate-policy=yes
Note that generate-policy=yes makes Router 1 create policies from whatever traffic selectors the
peer proposes, so keep the peer address range as narrow as the deployment allows: with a /24,
any host in that range that knows the secret gets policies generated for it.
• for Router2
[admin@Router2] > ip ipsec policy add sa-src-address=1.0.0.2 sa-dst-address=1.0.0.1 \
\... action=encrypt
[admin@Router2] > ip ipsec peer add address=1.0.0.1 \
\... secret="gvejimezyfopmekun"
• tunnel mode example using AH with manual keying
• for Router1
[admin@Router1] > ip ipsec manual-sa add name=ah-sa1 \
\... ah-spi=0x101/0x100 ah-key=abcfed
[admin@Router1] > ip ipsec policy add src-address=10.1.0.0/24 \
\... dst-address=10.2.0.0/24 action=encrypt ipsec-protocols=ah \
\... tunnel=yes sa-src-address=1.0.0.1 sa-dst-address=1.0.0.2 manual-sa=ah-sa1
• for Router2
[admin@Router2] > ip ipsec manual-sa add name=ah-sa1 \
\... ah-spi=0x100/0x101 ah-key=abcfed
[admin@Router2] > ip ipsec policy add src-address=10.2.0.0/24 \
\... dst-address=10.1.0.0/24 action=encrypt ipsec-protocols=ah \
\... tunnel=yes sa-src-address=1.0.0.2 sa-dst-address=1.0.0.1 manual-sa=ah-sa1
The SPI pair on each router is the other router's pair reversed, and the key must be identical on
both ends. Keep in mind that AH only authenticates packets, it does not encrypt them; that a manual
key is never rotated, so ah-key=abcfed is a placeholder to replace with a long random value; and
that AH covers the IP header in its integrity check, so it does not survive address translation.
IPsec Between two Masquerading Wandy Routers
1. Add accept and masquerading rules in SRC-NAT. The accept rule must come before the masquerade
rule: traffic between the two private subnets then keeps its private source address and matches
the IPsec policy added in step 2, while everything else leaving the public interface is masqueraded.
• for Router1
[admin@Router1] > ip firewall src-nat \
\... add src-address=10.1.0.0/24 dst-address=10.2.0.0/24 action=accept
[admin@Router1] > ip firewall src-nat add out-interface=public \
\... action=masquerade
• for Router2
[admin@Router2] > ip firewall src-nat \
\... add src-address=10.2.0.0/24 dst-address=10.1.0.0/24 action=accept
[admin@Router2] > ip firewall src-nat add out-interface=public \
\... action=masquerade
2. Configure IPsec. The policies select the private subnets, while the SA and peer addresses are
the routers' public addresses. Aggressive mode sends the IKE identities in the clear and lets a
passive observer capture the pre-shared-key-based hash for offline guessing; use
exchange-mode=main unless the remote end requires aggressive mode, and use a long random secret
in either case.
• for Router1
[admin@Router1] > ip ipsec policy add src-address=10.1.0.0/24 \
\... dst-address=10.2.0.0/24 action=encrypt tunnel=yes \
\... sa-src-address=1.0.0.1 sa-dst-address=1.0.0.2
[admin@Router1] > ip ipsec peer add address=1.0.0.2 \
\... exchange-mode=aggressive secret="gvejimezyfopmekun"
• for Router2
[admin@Router2] > ip ipsec policy add src-address=10.2.0.0/24 \
\... dst-address=10.1.0.0/24 action=encrypt tunnel=yes \
\... sa-src-address=1.0.0.2 sa-dst-address=1.0.0.1
[admin@Router2] > ip ipsec peer add address=1.0.0.1 \
\... exchange-mode=aggressive secret="gvejimezyfopmekun"
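Before committing the two configurations it is worth checking that they really mirror each other. The script below is an added example, not code from the guide or from the router vendor: it parses command transcripts in the format this guide uses (the `[admin@...] >` prompt and `\...` continuation marks are stripped, a trailing backslash joins lines) and checks the AH manual-keying pair above and the masquerading setup of this section. The transcripts embedded in it are constructed to match the guide. It assumes the two values of ah-spi are the inbound and outbound SPI, so one router's pair must be the other's pair reversed, and that a src-nat rule without an action accepts (the RouterOS default).

```python
"""Cross-check the two sides of a RouterOS-style IPsec/NAT setup.

Added example for this guide, not code from the router vendor.  It parses the
command transcripts the guide uses (prompt and '\\...' continuation marks are
stripped, a trailing backslash joins lines) and checks that Router1 and
Router2 mirror each other.  The sample transcripts below are constructed to
match the guide.  Assumption: the two values of ah-spi are the inbound and
outbound SPI, so one router's pair must be the other's pair reversed.
"""
import re
import shlex

PROMPT = re.compile(r"^\s*(\[[^\]]*\]\s*>\s*|\\\.\.\.\s*)")


def parse_cmd(line):
    """'ip ipsec policy add a=b' -> ('ip ipsec policy add', {'a': 'b'})."""
    toks = shlex.split(line)
    i = 0
    while i < len(toks) and "=" not in toks[i]:
        i += 1
    return " ".join(toks[:i]), dict(t.split("=", 1) for t in toks[i:])


def parse_config(text):
    """Map each command path to its argument dicts, in the order entered."""
    cfg, buf = {}, ""
    for raw in text.splitlines():
        line = PROMPT.sub("", raw).rstrip()
        if line.endswith("\\"):          # command continues on the next line
            buf += line[:-1] + " "
            continue
        buf += line
        if buf.strip():
            path, kv = parse_cmd(buf)
            cfg.setdefault(path, []).append(kv)
        buf = ""
    return cfg


def check_pair(a, b):
    """Return the problems found between Router1 (a) and Router2 (b)."""
    problems = []
    # Manual AH SAs: same key on both ends, SPI pair reversed.
    for x, y in zip(a.get("ip ipsec manual-sa add", []), b.get("ip ipsec manual-sa add", [])):
        if x.get("ah-key") != y.get("ah-key"):
            problems.append(f"manual-sa {x.get('name')}: ah-key differs")
        if x.get("ah-spi", "").split("/") != y.get("ah-spi", "").split("/")[::-1]:
            problems.append(f"manual-sa {x.get('name')}: SPI pair not mirrored")
    # Policies: protected subnets and SA endpoints swap sides.
    for x, y in zip(a.get("ip ipsec policy add", []), b.get("ip ipsec policy add", [])):
        for k1, k2 in (("src-address", "dst-address"), ("sa-src-address", "sa-dst-address")):
            if x.get(k1) != y.get(k2) or x.get(k2) != y.get(k1):
                problems.append(f"policy: {k1}/{k2} not mirrored")
        if x.get("ipsec-protocols") == "ah":
            problems.append("policy: AH only, traffic is authenticated but not encrypted")
    # Peers: same pre-shared secret; aggressive mode weakens PSK authentication.
    for x, y in zip(a.get("ip ipsec peer add", []), b.get("ip ipsec peer add", [])):
        if x.get("secret") != y.get("secret"):
            problems.append("peer: pre-shared secrets differ")
        if "aggressive" in (x.get("exchange-mode"), y.get("exchange-mode")):
            problems.append("peer: aggressive mode exposes the PSK hash to offline guessing")
    # src-nat: the accept rule (RouterOS default action) for the VPN subnets
    # must come before the masquerade rule, or the IPsec policy never matches.
    for name, cfg in (("Router1", a), ("Router2", b)):
        rules = cfg.get("ip firewall src-nat add", [])
        acc = [i for i, r in enumerate(rules)
               if r.get("action", "accept") == "accept" and "dst-address" in r]
        masq = [i for i, r in enumerate(rules) if r.get("action") == "masquerade"]
        if masq and (not acc or acc[0] > masq[0]):
            problems.append(f"{name}: masquerade rule precedes the VPN accept rule")
    return problems


# Constructed transcripts in the guide's own format: the masquerading pair
# (tunnel mode, PSK) and the AH manual-keying pair.
ROUTER1 = r"""
[admin@Router1] > ip firewall src-nat \
\... add src-address=10.1.0.0/24 dst-address=10.2.0.0/24
[admin@Router1] > ip firewall src-nat add out-interface=public \
\... action=masquerade
[admin@Router1] > ip ipsec policy add src-address=10.1.0.0/24 \
\... dst-address=10.2.0.0/24 action=encrypt tunnel=yes \
\... sa-src-address=1.0.0.1 sa-dst-address=1.0.0.2
[admin@Router1] > ip ipsec peer add address=1.0.0.2 \
\... exchange-mode=aggressive secret="gvejimezyfopmekun"
"""
ROUTER2 = r"""
[admin@Router2] > ip firewall src-nat \
\... add src-address=10.2.0.0/24 dst-address=10.1.0.0/24
[admin@Router2] > ip firewall src-nat add out-interface=public \
\... action=masquerade
[admin@Router2] > ip ipsec policy add src-address=10.2.0.0/24 \
\... dst-address=10.1.0.0/24 action=encrypt tunnel=yes \
\... sa-src-address=1.0.0.2 sa-dst-address=1.0.0.1
[admin@Router2] > ip ipsec peer add address=1.0.0.1 \
\... exchange-mode=aggressive secret="gvejimezyfopmekun"
"""
ROUTER1_AH = r"""
ip ipsec manual-sa add name=ah-sa1 ah-spi=0x101/0x100 ah-key=abcfed
ip ipsec policy add src-address=10.1.0.0/24 dst-address=10.2.0.0/24 action=encrypt \
\... ipsec-protocols=ah tunnel=yes sa-src-address=1.0.0.1 sa-dst-address=1.0.0.2 manual-sa=ah-sa1
"""
ROUTER2_AH = r"""
ip ipsec manual-sa add name=ah-sa1 ah-spi=0x100/0x101 ah-key=abcfed
ip ipsec policy add src-address=10.2.0.0/24 dst-address=10.1.0.0/24 action=encrypt \
\... ipsec-protocols=ah tunnel=yes sa-src-address=1.0.0.2 sa-dst-address=1.0.0.1 manual-sa=ah-sa1
"""

if __name__ == "__main__":
    for label, (r1, r2) in (("PSK/NAT", (ROUTER1, ROUTER2)), ("AH manual", (ROUTER1_AH, ROUTER2_AH))):
        print(label, check_pair(parse_config(r1), parse_config(r2)) or "ok")
```

Because the parser strips prompts and joins continuation lines, the Router1 and Router2 transcripts can be pasted straight from a console session; the only findings for the guide's own commands are the two warnings (aggressive mode, and AH giving integrity without confidentiality), and swapping the order of the two src-nat rules on either router is reported as a problem.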
Wandy Router to Cisco Router
We will configure IPsec in tunnel mode in order to protect traffic between attached subnets.
1. Add the peer with its phase 1 parameters; DES and SHA1 will be used to protect the IKE
traffic. DES is a 56-bit cipher that is brute-forceable with modest resources, so prefer 3DES or
AES on both ends wherever the Cisco side supports them.
• for Wandy router