No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

IPSec- IPSec Solution to Dynamic Addresses

Publication Date:  2013-05-07 Views:  63 Downloads:  0
Issue Description
The address 2250 is a fixed address, whereas the address 2210 is dynamically obtained.
Alarm Information
None.
Handling Process
usg2250
Configure IPSec proposal tran1.
ipsec proposal tran1                      
Configure IKE proposal.
ike proposal 10                               
Configure the IKE local user name.
ike local-name usg2250               
Configures the IKE peer.
ike peer b
Mode: aggressive mode                                        
  exchange-mode aggressive 
  local-id-type name 
Name of the peer end                        
  remote-name usg2210
Call the IKE proposal.                  
  ike-proposal 10   
Configure KEY.                          
  pre-shared-key abcde                    
Configure the IPSec policy template adopting IKE policy template for negotiation.
ipsec policy-template map_temp 1 
Call the data flow. 
  serurity acl 3000 
Call the IPSec proposal.                                   
  proposal tran1
Call the IKE peer.                                       
  ike-peer b
Configure the security policy. template map_temp is the called policy template.                                               
ipsec policy map1 10 isakmp template map_temp 
Define the data flow.
acl 3000
  rule permit ip source 10.1.1.0 0.0.0.255 destination 10.1.3.0 0.0.0.255
Apply IPSec policy map1 to the interface.
interface GigabitEthernet 5/0/0
  ipsec policy map1                              
 
usg2210
ipsec proposal tran1
ike proposal 10
ike local-name usg2210
ike peer a
  exchange-mode aggressive
  local-id-type name
  remote-name usg2250
The peer address is fixed. Specify the peer address.
  remote-address 192.13.2.1              
  ike-proposal 10
  pre-shared-key abcde
 
ipsec policy map1 10 isakmp
  security acl 3000
  proposal tran1
  ike-peer a
 
acl 3000
  rule permit ip source 10.1.3.0 0.0.0.255 destination 10.1.1.0 0.0.0.255
 
interface dialer 0
  ipsec policy map1
Root Cause
None.
Suggestions
None.

END