Nortel 4134 用户指南
132
IPsec VPN configuration
Procedure steps
Step
Action
1
To enter the configuration mode, enter:
configure terminal
2
To specify crypto configuration for IPsec and IKE, enter:
crypto
3
To specify the IPsec policy to configure, enter:
ipsec policy <policy-name> <peer-gateway-ip>
4
To enable or disable anti-replay, enter:
pfs-group {group1 | group2 | group5}
—End—
Table 57
Variable definitions
Variable definitions
Variable
Value
group1
768-bit. RFC 2409
group2
1024-bit. RFC 2409.
group5
1536-bit. RFC 2409.
Configuring IPsec proposal
Configure an IPsec proposal for an IPsec SA.
Before configuring a proposal, you must specify the IP stream on which to
apply IPsec using the
apply IPsec using the
match address
command.
In case multiple proposals are configured, all of them are sent in the SA
payload in a logical OR manner in the order they are specified by the
proposal priority. The protocol value defaults to ESP if it is not explicitly
specified.
payload in a logical OR manner in the order they are specified by the
proposal priority. The protocol value defaults to ESP if it is not explicitly
specified.
Procedure steps
Step
Action
1
To enter the configuration mode, enter:
configure terminal
2
To specify crypto configuration for IPsec and IKE, enter:
crypto
Nortel Secure Router 4134
Security — Configuration and Management
NN47263-600
01.02
Standard
10.0
3 August 2007
Copyright © 2007, Nortel Networks
.