3Com 11.1 Network Router User Manual
CHAPTER 17: CONFIGURING IPSEC
On router 2, set up the PPTP tunnel from 170.0.0.1 to 180.0.0.1 by following these
steps:
1 Set the system name of router 2 to "router2" by entering:
SETDefault scid="router2"
2 Create a virtual port that will accept connection requests only from router1 by
entering:
ADD !v1 -POrt VirtualPort scid"router1"
3 Assign an IP address to the tunnel virtual port by entering:
SETDefault !v1 -IP NETaddr=20.0.0.2 255.255.0.0
4 Create a route between the two tunnel endpoints by entering:
ADD -IP ROUte 170.0.0.1 !1 1
5 Add a static route to send traffic over the PPTP tunnel by entering the following,
or turn on routing protocols on the corresponding virtual port:
ADD -IP ROUte 130.0.0.0 255.255.0.0 !v1 1
6 Assign the peer dial number to the PPTP tunnel dial number list by entering:
ADD !v1 -POrt DialNoList "@170.0.0.1" Type=pptp
7 Optionally, set the dial idle time-out to zero to keep the tunnel from timing out by
entering:
SETDefault !v1 -POrt DialIdleTime=0
8 Enable Layer 2 Tunnelling (PPTP) by entering:
SETDefault -L2Tunnel CONTrol=Enable
9 Configure an IPSEC policy/security association by entering:
ADD !1 -IPSEC manualPOLicy pptp_ahesp AhEspXport tcp,gre 170.0.0.1 180.0.0.1
ADD -IPSEC keyset pptp_key EncryptKey "hello124" AuthKey "world678"
SETDefault !1 -IPSEC ManualKeyInfo=pptp_ahesp pptp_key SpiEsp 501 500 SpiAh 601 600
SETDefault !1 -IPSEC CONTrol=Enable
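The step 9 commands can be checked offline before they are entered on the router. The following Python sketch is an added example, not part of the 3Com manual: it confirms that the ManualKeyInfo binding names a policy and keyset that are actually defined, and reports how little of each key's length a typed string can fill. It assumes the quoted key strings are used byte-for-byte as key material; the function names are hypothetical.

```python
import math
import re
import shlex

# Step 9 commands as printed on the page, with wrapped lines joined.
STEP9 = """\
ADD !1 -IPSEC manualPOLicy pptp_ahesp AhEspXport tcp,gre 170.0.0.1 180.0.0.1
ADD -IPSEC keyset pptp_key EncryptKey "hello124" AuthKey "world678"
SETDefault !1 -IPSEC ManualKeyInfo=pptp_ahesp pptp_key SpiEsp 501 500 SpiAh 601 600
"""

def parse(text):
    """Return (policy names, keysets, policy->keyset bindings)."""
    policies, keysets, bindings = set(), {}, []
    for line in text.splitlines():
        tok = shlex.split(line)
        low = [t.lower() for t in tok]
        if "manualpolicy" in low:
            policies.add(tok[low.index("manualpolicy") + 1])
        elif "keyset" in low:
            keysets[tok[low.index("keyset") + 1]] = {
                "EncryptKey": tok[low.index("encryptkey") + 1],
                "AuthKey": tok[low.index("authkey") + 1]}
        for i, t in enumerate(low):
            if t.startswith("manualkeyinfo="):
                bindings.append((tok[i].split("=", 1)[1], tok[i + 1]))
    return policies, keysets, bindings

def charset_bits(key):
    """Upper bound on entropy: uniform choice from the character classes used."""
    classes = ((r"[a-z]", 26), (r"[A-Z]", 26), (r"[0-9]", 10), (r"[^a-zA-Z0-9]", 33))
    size = sum(n for pattern, n in classes if re.search(pattern, key))
    return len(key) * math.log2(size) if size else 0.0

def audit(text):
    """List dangling policy/keyset references and keys below full byte entropy."""
    policies, keysets, bindings = parse(text)
    findings = []
    for policy, keyset in bindings:
        if policy not in policies:
            findings.append(f"binding references unknown policy {policy}")
        if keyset not in keysets:
            findings.append(f"binding references unknown keyset {keyset}")
    for name, keys in keysets.items():
        for field, key in keys.items():
            bits, raw = charset_bits(key), 8 * len(key)
            if bits < raw:
                findings.append(f"{name}.{field}: at most {bits:.1f} of {raw} bits")
    return findings
```

Calling audit(STEP9) reports both sample keys; the figure is an upper bound, and word-like strings such as these carry less.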
Establishing the Dialup Tunnel
After all the configuration is completed at both ends of the connection, you can
dial the PPTP tunnel from either end by entering:
DIal !v1
How IPsec Works
IPsec integrates security directly into IP. IPsec provides three main areas of security:
authentication, which validates the communicating parties; integrity, which makes
sure the data has not been altered; and privacy, which ensures the data cannot be
intercepted and viewed.
IPsec secures the underlying network layer. That way, an IPsec link is secure
regardless of the application.