3. Configure an IPsec connection.
a. Select VPN > IPsec VPN from the navigation tree.
b. Click Add to enter the IPsec connection configuration page (see Figure 363).
c. Enter map1 as the IPsec connection name.
d. Select interface Ethernet0/1.
e. Enter 2.2.2.1 as the remote gateway IP address.
f. Select the Pre-Shared-Key box, and then enter abcde in both the Key and Confirm Key fields.
g. In the Selector area, select the selector type Characteristics of Traffic.
h. Specify 10.1.2.0/0.0.0.255 as the source address/wildcard. Specify 10.1.1.0/0.0.0.255 as the destination address/wildcard.
i. Click Apply.
Verifying the configuration
After you complete the configuration, packets to be exchanged between subnet 10.1.1.0/24 and subnet 10.1.2.0/24 trigger IKE to negotiate SAs. After IKE negotiation succeeds and the IPsec SAs are established, a static route to subnet 10.1.2.0/24 through 2.2.2.2 is added to the routing table on Device A, and traffic between subnet 10.1.1.0/24 and subnet 10.1.2.0/24 is protected by IPsec.
Configuration guidelines
When you configure IPsec, follow these guidelines:
• Typically, IKE uses UDP port 500 for communication, and AH and ESP use IP protocol numbers 51 and 50, respectively. Make sure traffic of these protocols is not denied on the interfaces with IKE or IPsec configured.
• If you enable both IPsec and QoS on an interface, packets of one IPsec SA might be put into different queues by QoS and therefore be sent out of order. Because IPsec performs anti-replay checking, inbound packets whose sequence numbers fall outside the anti-replay window are discarded, resulting in packet loss. When using IPsec together with QoS, make sure the characteristics of traffic in IPsec match the traffic classification in QoS, so that all packets of one SA are queued together.