Nortel 4134 用户指南
118
IPsec VPN configuration
—End—
In order for traffic to be forwarded through the VPN, a static or dynamic
route to the peer must be available.
route to the peer must be available.
Configuring IKE for site-to-site VPN
Creating an IKE policy
Create an IKE policy for a dynamic ISAKMP SA.
Procedure steps
Step
Action
1
To enter the configuration mode, enter:
configure terminal
2
To specify crypto configuration for IPsec and IKE, enter:
crypto
3
To create the IKE policy for site-to-site VPN, enter:
ike policy <policy-name> <peer-address>
—End—
Table 43
Variable definitions
Variable definitions
Variable
Value
<policy-name>
Specifies the IKE policy name. Max 8 characters.
<peer-address>
Specifies the peer IP address for IKE negotiations.
Configuring the local address for IKE negotiations
Configure the local address for IKE negotiations. The local address and the
address in the certificate must match.
address in the certificate must match.
When executed, this command creates an IKE policy proposal with default
values of Preshared Key, 3DES, SHA1, and DH-group2.
values of Preshared Key, 3DES, SHA1, and DH-group2.
Procedure steps
Step
Action
1
To enter the configuration mode, enter:
Nortel Secure Router 4134
Security — Configuration and Management
NN47263-600
01.02
Standard
10.0
3 August 2007
Copyright © 2007, Nortel Networks
.