52 CHAPTER 17: CONFIGURING IPSEC
<auth_algorithm> : MD5 | SHA
<portlist> : 1-65535 | * | Archie | DNS | Finger | FTP | FTPData |
    Gopher | HTTP | NFS | NNTP | NTP | POP2 | POP3 |
    PortMap | RIP | SMTP | SNMP | SNMPTrap | Syslog |
    Telnet | TFTP | WAIS
The default for encrypt_algorithms is DES. The default for auth_algorithms is MD5.
Creating an Encryption Policy
To create an encryption policy for Telnet traffic using the default encryption
algorithm DesCbc from router 1 with IP address 170.0.0.1 to router 2 with IP
address 180.0.0.1, follow these steps:
1 On bridge/router 1, enter:
ADD !1 -IPSEC POLicy esp_pol EspXport tcp(*, Telnet) 170.0.0.1 180.0.0.1
2 On bridge/router 2, enter:
ADD !1 -IPSEC POLicy esp_pol EspXport tcp(Telnet,*) 180.0.0.1 170.0.0.1
To configure an encryption policy for Telnet traffic using the 3DES2key encryption
algorithm between router 1 with IP address 170.0.0.1 and router 2 with IP address
180.0.0.1, follow these steps:
1 On bridge/router 1, enter:
ADD !1 -IPSEC POLicy esp_pol EspXport tcp(Telnet,*) (*,Telnet) 170.0.0.1 180.0.0.1 3DES2key
2 On bridge/router 2, enter:
ADD !1 -IPSEC POLicy esp_pol EspXport tcp(Telnet,*) (*,Telnet) 180.0.0.1 170.0.0.1 3DES2key
Creating a Security Policy
To create a security policy to provide data confidentiality and data integrity for
PPTP tunnel traffic between router 1 and router 2, follow these steps:
1 On bridge/router 1, enter:
ADD !1 -IPSEC POLicy ahesp_pol AhEspXport tcp, gre 170.0.0.1 180.0.0.1
2 On bridge/router 2, enter:
ADD !1 -IPSEC POLicy ahesp_pol AhEspXport tcp, gre 180.0.0.1 170.0.0.1
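In each of the procedures above, the policy on router 2 is the mirror image of the one on router 1: addresses and (source, destination) port pairs are swapped while the mode and encryption algorithm stay the same, and a mismatch leaves the two ends disagreeing on which traffic to protect. The following added check (example code, not a 3Com tool) parses ADD -IPSEC POLicy commands in the forms shown on this page, validates <portlist> entries against the list above, and reports whether two peers' policies mirror each other. It assumes the command forms shown here; other NETBuilder options are not handled.

```python
import re
from dataclasses import dataclass, field

# Named services the manual lists as valid <portlist> entries, besides '*' and 1-65535.
NAMED_PORTS = {"Archie", "DNS", "Finger", "FTP", "FTPData", "Gopher", "HTTP", "NFS",
               "NNTP", "NTP", "POP2", "POP3", "PortMap", "RIP", "SMTP", "SNMP",
               "SNMPTrap", "Syslog", "Telnet", "TFTP", "WAIS"}
IP = r"\d{1,3}(?:\.\d{1,3}){3}"
# ADD !<port> -IPSEC POLicy <name> <mode> <selector> <src_ip> <dst_ip> [<encrypt_alg>]
CMD = re.compile(rf"^ADD\s+!\d+\s+-IPSEC\s+POL\S*\s+(\S+)\s+(\S+)\s+(.*?)\s+({IP})\s+({IP})"
                 rf"(?:\s+(\S+))?\s*$", re.IGNORECASE)


@dataclass(frozen=True)
class Policy:
    name: str = field(compare=False)  # peers may name the policy differently
    mode: str = field(default="")     # espxport, ahespxport, ...
    protos: tuple = ()                # ("tcp",) or ("tcp", "gre")
    pairs: frozenset = frozenset()    # {(src_ports, dst_ports), ...}
    src: str = ""
    dst: str = ""
    encrypt: str = "des"              # the manual's default when omitted is DES


def valid_port(tok):
    return tok == "*" or tok in NAMED_PORTS or (tok.isdigit() and 1 <= int(tok) <= 65535)


def parse_policy(line):
    m = CMD.match(line.strip())
    if not m:
        raise ValueError(f"not an ADD -IPSEC POLicy command: {line!r}")
    name, mode, selector, src, dst, enc = m.groups()
    pairs = re.findall(r"\(\s*([^,\s)]+)\s*,\s*([^,\s)]+)\s*\)", selector)
    for s, d in pairs:
        if not (valid_port(s) and valid_port(d)):
            raise ValueError(f"bad port list in {selector!r}")
    # Protocols are what remains once the (src, dst) port groups are removed.
    protos = tuple(p.strip().lower()
                   for p in re.sub(r"\([^)]*\)", "", selector).split(",") if p.strip())
    return Policy(name, mode.lower(), protos, frozenset(pairs), src, dst, (enc or "DES").lower())


def mirror(p):
    """The policy the peer must hold: addresses and (src, dst) port pairs swapped."""
    return Policy(p.name, p.mode, p.protos, frozenset((d, s) for s, d in p.pairs),
                  p.dst, p.src, p.encrypt)


def peers_match(cmd_on_r1, cmd_on_r2):
    """True when router 2's policy is exactly the mirror image of router 1's."""
    return mirror(parse_policy(cmd_on_r1)) == parse_policy(cmd_on_r2)
```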
Creating Key Sets
To create a key set, use:
ADD -IPSEC KeySet <key_set_name> [EncryptKey ("<encrypt_key>" | "%<encrypt_key>")] [AuthKey ("<auth_key>" | "%<auth_key>")]
The encrypt_key and auth_key must match the values on the peer system at the
other end of the security association.
<key_set_name> is a name you assign to the key set you are adding.