ADTRAN 1000R Series User Manual

Page 1246


Command Reference Guide

Crypto Map Manual Command Set

61200510L1-35E

Copyright © 2005 ADTRAN


Functional Notes

The inbound local security parameter index (SPI) must equal the outbound remote SPI, and the outbound local SPI
must equal the inbound remote SPI. The same holds for the keys: the local inbound security association is the
peer's outbound one, so each direction's key must be identical on both peers. Key values are entered as the
hexadecimal representation of the key bytes, not as ASCII text. For example, the key 3031323334353637 is the
hexadecimal encoding of the ASCII string “01234567”.

See the following table for the minimum key length each algorithm requires. The length is given in bits, in
bytes, and as the number of hexadecimal digits that must be typed on the command line (two hex digits per byte).

Algorithm       Minimum key length       Hex digits on CLI
DES             64 bits (8 bytes)        16
3DES            192 bits (24 bytes)      48
AES-128-CBC     128 bits (16 bytes)      32
AES-192-CBC     192 bits (24 bytes)      48
AES-256-CBC     256 bits (32 bytes)      64
MD5             128 bits (16 bytes)      32
SHA1            160 bits (20 bytes)      40

Note: a DES key is 64 bits including 8 parity bits, so its effective strength is 56 bits, and a 3DES key is
three such 64-bit keys. The MD5 and SHA1 entries are the keys for HMAC authentication, not the cipher keys.
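The following helper, added here as an example and not part of the ADTRAN documentation, prepares and sanity-checks manual keys before they are typed into the CLI: it encodes an ASCII passphrase as hex the way the Functional Notes describe, checks a hex key against the minimum length table above, generates fresh keys of the right length, and cross-checks two peers' SPI/key pairings (local inbound must match remote outbound and vice versa). The SA dictionaries, the SPI values and the reserved-SPI check (RFC 4303 reserves SPIs 1 to 255) are assumptions for the example; the page does not state the SPI range AOS accepts.

```python
import os
from typing import Dict, List

# Minimum key length in bytes per algorithm, taken from the manual's
# key-length table (two hex digits are typed per byte on the CLI).
KEY_LEN_BYTES = {
    "des": 8,
    "3des": 24,
    "aes-128-cbc": 16,
    "aes-192-cbc": 24,
    "aes-256-cbc": 32,
    "md5": 16,
    "sha1": 20,
}


def ascii_to_hex_key(text: str) -> str:
    """Encode an ASCII passphrase as the hex string the CLI expects.

    The CLI takes key bytes in hex, not ASCII, so "01234567" is typed as
    3031323334353637 (the worked example in the Functional Notes).
    """
    return text.encode("ascii").hex()


def check_key(algorithm: str, hex_key: str) -> bool:
    """Return True if hex_key is well-formed hex of at least the minimum length."""
    alg = algorithm.lower()
    if alg not in KEY_LEN_BYTES:
        raise ValueError(f"unknown algorithm: {algorithm}")
    try:
        raw = bytes.fromhex(hex_key)
    except ValueError:          # odd digit count or non-hex characters
        return False
    return len(raw) >= KEY_LEN_BYTES[alg]


def random_hex_key(algorithm: str) -> str:
    """Generate a fresh key of the required length from the OS CSPRNG."""
    return os.urandom(KEY_LEN_BYTES[algorithm.lower()]).hex()


def pairing_errors(local: Dict[str, Dict], remote: Dict[str, Dict]) -> List[str]:
    """Cross-check the two peers' manual security associations.

    Each side is a dict (assumed layout for this example):
        {"inbound":  {"spi": int, "key": str},
         "outbound": {"spi": int, "key": str}}
    The local inbound SA is the remote outbound SA and vice versa, so the
    SPI (per the Functional Notes) and the key must match pairwise.
    """
    errors = []
    for this_dir, peer_dir in (("inbound", "outbound"), ("outbound", "inbound")):
        mine, theirs = local[this_dir], remote[peer_dir]
        if mine["spi"] != theirs["spi"]:
            errors.append(f"local {this_dir} SPI {mine['spi']:#x} != "
                          f"remote {peer_dir} SPI {theirs['spi']:#x}")
        if mine["key"].lower() != theirs["key"].lower():
            errors.append(f"local {this_dir} key != remote {peer_dir} key")
        if mine["spi"] < 256:
            # RFC 4303 reserves SPI values 1-255; 0 is for local use only.
            errors.append(f"local {this_dir} SPI {mine['spi']:#x} is reserved")
    return errors


if __name__ == "__main__":
    # Constructed example: one 3DES key per direction shared by two peers.
    k_ab, k_ba = random_hex_key("3des"), random_hex_key("3des")
    local = {"outbound": {"spi": 0x1001, "key": k_ab},
             "inbound": {"spi": 0x1002, "key": k_ba}}
    remote = {"inbound": {"spi": 0x1001, "key": k_ab},
              "outbound": {"spi": 0x1002, "key": k_ba}}
    print(ascii_to_hex_key("01234567"))                 # 3031323334353637
    print(check_key("3des", k_ab), pairing_errors(local, remote))  # True []
```

Use distinct keys for each direction and for encryption and authentication; the manual's key-length table is a minimum, so the checker accepts longer keys, but the algorithms listed take fixed-size keys and the CLI will use exactly the required number of bytes.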

Technology Review

The following example configures an AOS product for VPN using IPSec manual keys. This example
assumes that the AOS product has been configured with a WAN IP Address of 63.97.45.57 on interface
ppp 1 and a LAN IP Address of 10.10.10.254 on interface ethernet 0/1. The Peer Private IP Subnet is
10.10.20.0.

For more detailed information on VPN configuration, refer to the technical support note Configuring VPN
located on the ADTRAN OS Documentation CD provided with your unit.

Step 1:

Enter the Global Configuration mode (i.e., config terminal mode).

>enable

#configure terminal

Step 2:

Enable VPN support using the ip crypto command. This command allows crypto maps to be applied to
interfaces and enables the IKE server to listen for IKE negotiation sessions on UDP port 500. A manual-key
crypto map, as used in this example, does not negotiate with IKE, but ip crypto is still required before any
crypto map can be applied to an interface.

(config)#ip crypto

Step 3:

Define the transform set. A transform set defines the encryption and/or authentication algorithms used
to secure the data transmitted over the VPN tunnel. Multiple transform sets may be defined in a system, and
once a transform set is defined, many different crypto maps within the system can reference it. In this
example, a transform set named highly_secure is created. It specifies ESP with 3DES encryption (esp-3des)
and HMAC-SHA1 authentication (esp-sha-hmac), operating in tunnel mode.

(config)#crypto ipsec transform-set highly_secure esp-3des esp-sha-hmac

(cfg-crypto-trans)#mode tunnel
