Patton electronic SmartNode 4110 Series ユーザーズマニュアル

VPN configuration task list

SmartWare Software Configuration Guide 

To configure a VPN connection, perform the following tasks:

•

Creating an IPsec transformation profile

•

Creating an IPsec policy profile

•

Creating/modifying an outgoing ACL profile for IPsec

•

Configuration of an IP Interface and the IP router for IPsec

•

Displaying IPsec configuration information

•

Debugging IPsec

The IPsec transformation profile defines which authentication and/or encryption protocols, which authentica-
tion and/or encryption algorithms shall be applied.

Procedure: To create an IPsec transformation profile

Mode: Configure

mac-sha1-96 }Enables authentication and defines the authentication protocol and the hash algorithm

Use no in front of the above commands to delete a profile or a configuration entry.

The following example defines a profile for AES-encryption at a key length of 128.

node(cfg)#profile ipsec-transform AES_128
node(pf-ipstr)[AES_128]#esp-encryption aes-cbc 128

The IPsec policy profile supplies the keys for the encryption and/or the authenticators for the authentication, 
the security parameters indexes (SPIs), and IP address of the peer of the secured communication. Furthermore, 
the profile defines which IPsec transformation profile to apply and whether transport or tunnel mode shall be 
most effective.

The SPI identifies a secured communication channel. The IPsec component needs the SPI to select the suitable 
key or authenticator. Inbound and outbound channels can have the same SPI, but the channels in the same 
direction—inbound or outbound—must have unique SPIs. The SPI is not encrypted and can be monitored.

Creates the IPsec transformation profile name

Enables encryption and defines the encryp-
tion algorithm and the key length

Enables authentication and defines the 
authentication protocol and the hash algo-
rithm