Brocade Communications Systems RFS6000 User Manual


Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide


53-1001931-01

Global Configuration commands


1. Configuration required on controller 1:

a. Create an extended ACL. This defines the tunnel used by the traffic.

RFController(config)#access-list 150 permit ip 12.1.1.0/24 13.1.1.0/24 rule-precedence

b. Create and configure ISAKMP parameters.

RFController(config)#crypto isakmp keepalive 10

RFController(config)#crypto isakmp key ADBROCADE address 15.1.1.20

RFController(config)#crypto ipsec security-association lifetime kilobytes 4608000

c. Create and configure ISAKMP policy.

RFController(config)#crypto isakmp policy 199

RFController(config-crypto-isakmp)#encryption aes

RFController(config-crypto-isakmp)#hash sha

RFController(config-crypto-isakmp)#authentication pre-share

RFController(config-crypto-isakmp)#group 5

RFController(config-crypto-isakmp)#lifetime 9496

d. Create and configure an IPSec transform set.

RFController(config)#crypto ipsec transform-set TFSET ah-sha-hmac esp-aes

RFController(config-crypto-ipsec)#mode tunnel

e. Create and configure a crypto map.

RFController(config)#crypto map THIRDMAP 435 isakmp

RFController(config-crypto-map)#set peer 15.1.1.20

RFController(config-crypto-map)#match address 150

RFController(config-crypto-map)#set transformset TFSET

RFController(config-crypto-map)#set security-association lifetime seconds 3600

f. Associate the crypto map with a VLAN interface.

RFController(config)#interface vlan1

RFController(config-if)#ip address 11.1.1.10/24

RFController(config-if)#crypto map THIRDMAP

RFController(config-if)#interface vlan2100

RFController(config-if)#ip address 12.1.1.10/24

RFController(config-if)#ip route 0.0.0.0/0 11.1.1.2

2. Configuration required on controller 2:

a. Create an extended ACL. This defines the tunnel used by the traffic.

RFController(config)#access-list 155 permit ip 13.1.1.0/24 12.1.1.0/24 rule-precedence 1

b. Create and configure the ISAKMP parameters.

RFController(config)#crypto isakmp keepalive 10

RFController(config)#crypto isakmp key ADBROCADE address 11.1.1.10

RFController(config)#crypto ipsec security-association lifetime kilobytes 4608000

c. Create and configure ISAKMP policy.
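
The following Python check is an added example, not part of the Brocade manual: it compares the tunnel settings of the two controllers shown above and reports where the two ends disagree (crypto ACLs that are not mirror images, different pre-shared keys, peer addresses that do not point at each other). The embedded command lists are constructed from the commands on this page, and the names `parse` and `check_pair` are assumptions of this example.

```python
import ipaddress
import re

# Constructed from the commands on this page (wrapped lines joined, the
# "155permit" typo corrected). Controller 2 is only as complete as the page.
CONTROLLER1 = """\
access-list 150 permit ip 12.1.1.0/24 13.1.1.0/24 rule-precedence
crypto isakmp key ADBROCADE address 15.1.1.20
crypto map THIRDMAP 435 isakmp
set peer 15.1.1.20
match address 150
interface vlan1
ip address 11.1.1.10/24
crypto map THIRDMAP
"""
CONTROLLER2 = """\
access-list 155 permit ip 13.1.1.0/24 12.1.1.0/24 rule-precedence 1
crypto isakmp key ADBROCADE address 11.1.1.10
"""

def parse(cfg):
    """Extract the tunnel-relevant settings from one controller's command list."""
    acl = re.search(r"access-list \d+ permit ip (\S+) (\S+)", cfg)
    key = re.search(r"crypto isakmp key (\S+) address (\S+)", cfg)
    peer = re.search(r"set peer (\S+)", cfg)
    return {
        "src": ipaddress.ip_network(acl.group(1)),
        "dst": ipaddress.ip_network(acl.group(2)),
        "psk": key.group(1),
        "key_peer": key.group(2),
        "map_peer": peer.group(1) if peer else None,
        "addrs": re.findall(r"ip address (\S+)/\d+", cfg),
    }

def check_pair(cfg_a, cfg_b):
    """Return a list of mismatches between the two ends of the tunnel."""
    a, b = parse(cfg_a), parse(cfg_b)
    issues = []
    if (a["src"], a["dst"]) != (b["dst"], b["src"]):
        issues.append("crypto ACLs are not mirror images")
    if a["psk"] != b["psk"]:
        issues.append("pre-shared keys differ")
    for name, c in (("A", a), ("B", b)):
        if c["map_peer"] and c["map_peer"] != c["key_peer"]:
            issues.append(f"{name}: 'set peer' and ISAKMP key address differ")
    if a["addrs"] and b["key_peer"] not in a["addrs"]:
        issues.append("B's key address is not an interface address of A")
    return issues
```

Calling `check_pair(CONTROLLER1, CONTROLLER2)` on the page's own settings returns an empty list; each mismatch adds one message.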
