Nortel 4134 用户指南
160
IPsec VPN configuration
—End—
Configuring IPsec protection for the L2TP access interface
Configure IPsec protection for the L2TP server.
Procedure steps
Step
Action
1
To enter the configuration mode, enter:
configure terminal
2
To select the L2TP access virtual interface, enter:
interface l2tp-server <server-name>
3
To configure IPsec protection, enter:
ipsec-protection <ike-ipsec-policy> <untrusted-if-
address> {remote-id-type {ip-address | domain-name
| email-id|der-encoded-dn}} {remote-id-data
<remote-id-data>} [key <key>]
—End—
Table 85
Variable definitions
Variable definitions
Variable
Value
<ike-ipsec-policy>
Name of crypto dynamic IKE and IPsec policy. Max
8 characters.
8 characters.
<untrusted-if-address>
Address of the local crypto untrusted interface that is
used as the IKE authenticated tunnel endpoint.
used as the IKE authenticated tunnel endpoint.
{remote-id-type
{ip-address |
domain-name | email-id|
der-encoded-dn}}
{ip-address |
domain-name | email-id|
der-encoded-dn}}
Remote ID type:
ip-address: a routeable IP address already
configured on this device
domain-name: fully qualified domain name (FQDN)
email-id: email address (user FQDN)
der-encoded-dn: x509 certificate subject-name
in ascii form (default) (example: O=ACME
Corp,OU=*,C=US,CN=Wile E. Coyote)
ip-address: a routeable IP address already
configured on this device
domain-name: fully qualified domain name (FQDN)
email-id: email address (user FQDN)
der-encoded-dn: x509 certificate subject-name
in ascii form (default) (example: O=ACME
Corp,OU=*,C=US,CN=Wile E. Coyote)
[remote-id-data
<remote-id-data>]
<remote-id-data>]
Remote ID data. Max 48 characters.
[key <key>]
Tells IKE to use preshared-key authentication with
this key (no key means use certificates).
this key (no key means use certificates).
Nortel Secure Router 4134
Security — Configuration and Management
NN47263-600
01.02
Standard
10.0
3 August 2007
Copyright © 2007, Nortel Networks
.