IKE with AES-128 (Side #1)
Article Id #: 233

The command sequence below defines a VPN Tunnel that uses AES-128 to route traffic from Side #1 (192.168.1.0) to Side #2 (192.168.2.0).

NOTE:

- You must replace ‹X.X.X.X› in the template with the IP address for Side #2.

- You must replace ‹MySharedKey› in the template with a text string to use as the initial shared key.

- You must replace ‹nnnn› in the template with a unique number from 1 to 99999, such as 12345.

- You must purchase the appropriate software license for your SmartNode to support VPN service. To see the licenses currently active on your SmartNode, execute the "show license" command.

Command Sequence Description

profile ipsec-transform AES-128
  esp-encryption aes-cbc 128
  key-lifetime-seconds 3600

profile isakmp-transform AES-128
  encryption aes-cbc 128
  authentication-algorithm sha1
  key-lifetime-seconds 86400

profile ipsec-policy-isakmp VPN-IKE
  authentication-method pre-shared-key ‹MySharedKey›
# SET IP ADDRESS of SIDE #2
  peer ‹X.X.X.X›
  protection-group ‹nnnn›
  mode tunnel
  diffie-hellman-group group2
  use profile ipsec-transform 1 AES-128
  use profile isakmp-transform 1 AES-128

profile acl VPN-Out
  permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255 ipsec-policy VPN-IKE
  permit ip any any

profile acl VPN-In
  permit esp any any
  permit ah any any
  permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
  permit ip any any

context ip
  interface eth0
    use profile acl VPN-In in
    use profile acl VPN-Out out
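
A filled-in copy of the template can be checked offline for the three substitutions from the NOTE and for ACL network/wildcard pairs that do not agree. The Python script below is an added example, not Patton's code; `check_config`, `wildcard_ok` and the sample values (including the 203.0.113.10 peer) are constructed for illustration, and it only understands the line shapes shown in this article.

```python
import ipaddress
import re

# Placeholders used by the article's template (either angle-bracket style).
PLACEHOLDER = re.compile(r"[‹<](X\.X\.X\.X|MySharedKey|nnnn)[›>]")
QUAD = r"(\d+\.\d+\.\d+\.\d+)"
ACL_RULE = re.compile(rf"^permit ip {QUAD} {QUAD} {QUAD} {QUAD}")

# Constructed sample: one leftover placeholder, one out-of-range
# protection-group, one ACL rule whose wildcard is wider than its network.
SAMPLE = """\
profile ipsec-policy-isakmp VPN-IKE
  authentication-method pre-shared-key ‹MySharedKey›
  peer 203.0.113.10
  protection-group 123456
profile acl VPN-In
  permit ip 192.168.2.0 0.0.255.255 192.168.1.0 0.0.0.255
  permit ip any any
"""


def wildcard_ok(net, wildcard):
    """True when the network address has no bits set under the wildcard mask."""
    try:
        n = int(ipaddress.IPv4Address(net))
        w = int(ipaddress.IPv4Address(wildcard))
    except ValueError:
        return False
    return n & w == 0


def check_config(text):
    """Return a list of findings for a filled-in copy of the template."""
    findings = []
    for num, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        words = line.split()
        if PLACEHOLDER.search(line):
            findings.append(f"line {num}: placeholder not replaced")
            continue
        if words[:1] == ["peer"]:
            try:
                ipaddress.IPv4Address(words[1])
            except (IndexError, ValueError):
                findings.append(f"line {num}: peer is not an IPv4 address")
        elif words[:1] == ["protection-group"]:
            ok = len(words) == 2 and re.fullmatch(r"[0-9]{1,5}", words[1])
            if not ok or int(words[1]) < 1:
                findings.append(f"line {num}: protection-group outside 1-99999")
        m = ACL_RULE.match(line)
        if m and not (wildcard_ok(*m.group(1, 2)) and wildcard_ok(*m.group(3, 4))):
            findings.append(f"line {num}: network and wildcard mask disagree")
    return findings
```

Calling `check_config(SAMPLE)` returns one finding per faulty line; an empty list means none of these checks fired.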
     Patton LLC Copyright © 2022 All Rights Reserved.