IPSEC SITE TO SITE VPN IN HP MSR 2003
ACLs allowing the traffic for the IPsec tunnels to the DR and DC sites
#
acl number 3001 name IPSEC-ACL-D1 match-order auto
rule 0 permit ip source 172.30.12.0 0.0.0.255 destination 172.16.3.0 0.0.0.255
#
acl number 3002 name IPSEC-ACL-D2 match-order auto
rule 0 permit ip source 172.30.12.0 0.0.0.255 destination 172.16.3.0 0.0.0.255
#
------------------------------------------------IPSEC Configuration---------------------------------------------------------------
#
ipsec anti-replay window 1024
ipsec sa global-duration time-based 86400
ipsec sa idle-time 120
#
# IPsec transform set
ipsec transform-set test
esp encryption-algorithm des-cbc
esp authentication-algorithm sha1
#
# Site 1 configuration
ipsec policy-template test 1
transform-set test
# Link the ACL to the IPsec policy
security acl 3001
# Remote peer
remote-address 172.16.20.1
# The router dynamically generates static routes for this path
reverse-route dynamic
reverse-route tag 1980
#
# Site 2 configuration
ipsec policy-template test 2
transform-set test
security acl 3002
remote-address 172.16.120.5
reverse-route dynamic
reverse-route tag 1981
#
ipsec policy test 10 isakmp template test
#
ike proposal 1
encryption-algorithm 3des-cbc
#
ike proposal 2
encryption-algorithm 3des-cbc
#
# Pre-shared keys for both sites
ike keychain test
pre-shared-key address 172.16.20.1 255.255.255.255 key cipher $c$3$nxjzSsXFLYV9STbF4Q/SPuflAecjGCqegMpjPZF661JHEAo35g==
pre-shared-key address 172.16.120.5 255.255.255.255 key cipher $c$3$Om1IkIRIu9aRYXa6iMfpf/jXMQXlQKbcE0TeZBjqih2YgPbRVw==
#
interface Serial 3/0
# Apply the IPsec policy to the interface
ipsec apply policy test
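A small audit for this kind of configuration, added here as an example and not part of the original post: it flags encryption or authentication algorithms on a disallowed list, and any policy applied to an interface that no `ipsec policy` line defines. The disallowed set, the function name `audit` and the sample text (constructed from the commands above, with a deliberately mismatched policy name) are assumptions.

```python
import re

# Constructed sample modelled on the page's configuration; "test1" is a
# deliberately mismatched policy name so the reference check has work to do.
SAMPLE = """\
ipsec transform-set test
esp encryption-algorithm des-cbc
esp authentication-algorithm sha1
#
ipsec policy test 10 isakmp template test
#
ike proposal 1
encryption-algorithm 3des-cbc
#
interface Serial 3/0
ipsec apply policy test1
"""

# Assumption: local policy rejects these algorithms for new tunnels.
DISALLOWED = {"des-cbc", "3des-cbc", "md5"}
SECTION = re.compile(r"(acl number|ipsec transform-set|ipsec policy|ike proposal|ike keychain|interface)\b", re.I)
ALGO = re.compile(r"(?:esp |ah )?(?:encryption|authentication)-algorithm (.+)")

def audit(config):
    """Return (section, finding) pairs for a Comware-style IPsec configuration."""
    findings, defined, applied = [], set(), []
    section = "(global)"
    for line in (raw.strip() for raw in config.splitlines()):
        if not line or line == "#":
            continue
        if SECTION.match(line):
            section = line
            m = re.match(r"ipsec policy (\S+) \d+", line)
            if m:
                defined.add(m.group(1))
            continue
        m = ALGO.match(line)
        if m:
            findings += [(section, f"disallowed algorithm {a}")
                         for a in m.group(1).split() if a in DISALLOWED]
        m = re.match(r"ipsec apply policy (\S+)", line)
        if m:
            applied.append((section, m.group(1)))
    # A policy applied to an interface must match a defined "ipsec policy" name.
    findings += [(s, f"policy {n} applied but not defined")
                 for s, n in applied if n not in defined]
    return findings

if __name__ == "__main__":
    for section, finding in audit(SAMPLE):
        print(f"{section}: {finding}")
```

Section heads are matched by keyword rather than indentation, so the check also works on a configuration pasted without its leading spaces.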