ADTRAN 1000R Series User Manual

Command Reference Guide

Global Configuration Mode Command Set

61200510L1-35E

Copyright © 2005 ADTRAN

370

Step 8:

Create crypto map. A crypto map is used to define a set of encryption schemes to be used for a given
interface. A crypto map entry has a unique index within the crypto map set. The crypto map entry will
specify whether IKE is used to generate encryption keys or if manually specified keys will be used. The
crypto map entry will also specify who will be terminating the VPN tunnel, as well as which transform set or
sets will be used to encrypt and/or authenticate the traffic on that VPN tunnel. It also specifies the lifetime
of all created IPSec security associations.

(config)#crypto map corporate_vpn 1 ipsec-ike

(config-crypto-map)#match address corporate_traffic

(config-crypto-map)#set peer 63.105.15.129

(config-crypto-map)#set transform-set highly_secure

(config-crypto-map)#set security-association lifetime kilobytes 8000

(config-crypto-map)#set security-association lifetime seconds 28800

(config-crypto-map)#no set pfs

Step 9:

Configure a public interface. This process includes configuring the IP address for the interface and
applying the appropriate crypto map to the interface. Crypto maps are applied to the interface on which
encrypted traffic will be transmitted.

(config)#interface ppp 1

(config-ppp 1)#ip address 63.97.45.57 255.255.255.248

(config-ppp 1)#crypto map corporate_vpn

(config-ppp 1)#no shutdown

Step 10:

Configure a private interface. This process allows all traffic destined for the VPN tunnel to be routed to the
appropriate gateway.

(config)#interface ethernet 0/1

(config-eth 0/1)#ip address 10.10.10.254 255.255.255.0

(config-eth 0/1)#no shutdown

(config-eth 0/1)#exit