Nortel 4134 用户指南
158
IPsec VPN configuration
3
To specify configuration of dynamic IKE policies for remote access,
enter:
enter:
dynamic
4
To specify the remote access IPsec policy to configure, enter:
ipsec policy <name> {modecfg-group | l2tp-group}
5
To specify the IPsec proposal template to configure, enter:
proposal <1-5>
6
To configure the encapsulation mode, enter:
mode {transport | tunnel}
—End—
Table 83
Variable definitions
Variable definitions
Variable
Value
tunnel
Specifies tunnel mode. In tunnel mode the IP header
of the packet is encapsulated into a new IP header
with a routable destination IP address. Protection is
offered for the complete packet. This is the default
mode.
of the packet is encapsulated into a new IP header
with a routable destination IP address. Protection is
offered for the complete packet. This is the default
mode.
transport
Specifies transport mode. In transport mode, the old
IP address is retained and the hash (in case of AH)
is generated over the payload and delivered to the
peer. The protection is offered only for the pay load.
IP address is retained and the hash (in case of AH)
is generated over the payload and delivered to the
peer. The protection is offered only for the pay load.
Enabling the dynamic IPsec policy
Enable the dynamic IPsec policy.
Step
Action
1
To enter the configuration mode, enter:
configure terminal
2
To specify crypto configuration for IPsec and IKE, enter:
crypto
3
To specify configuration of dynamic IKE policies for remote access,
enter:
enter:
dynamic
4
To specify the remote access IPsec policy to configure, enter:
Nortel Secure Router 4134
Security — Configuration and Management
NN47263-600
01.02
Standard
10.0
3 August 2007
Copyright © 2007, Nortel Networks
.