Nortel 4134 用户指南

Nortel

Configuring a Site-to-site IPsec VPN

239

crypto

ike policy ike1 205.1.1.18

local-address 205.1.1.14

key certificatekey1

exit

4

To configure the IPsec policy, enter:

ipsec policy ipsec1 205.1.1.18

match address 10.1.2.0 24 20.1.2.0 24

enable

exit

5

To configure the internet firewall:

firewall internet

interface wan1

policy 100 in self service ike

policy 102 in self protocol icmp

policy 102 in self protocol icmp

is optional. It can be

helpful for debugging, but is not a necessary configuration.

6

To configure the corp firewall:

interface ethernet0/1

policy 101 address 20.1.2.0 24 any any

—End—

Configuring SR4134 2

Step

Action

1

To configure the wan2 PPP bundle, enter:

interface bundle wan2

link t1 1/1-2

encapsulation ppp

ip address 205.1.1.18 30

crypto untrusted

exit

2

To configure the Ethernet port 0/2, enter:

interface ethernet 0/2

ip address 20.1.2.1 24

crypto trusted

exit

3

To configure the IKE policy, enter:

crypto

Nortel Secure Router 4134

Security — Configuration and Management

NN47263-600

01.02

Standard

10.0

3 August 2007

Copyright © 2007, Nortel Networks

.