Example, Response, Ike ipsec proposals add – Efficient Networks 107-0001-000 User Manual

Chapter 12: IKE/IPsec Commands

Efficient Networks® Router family Command Line Interface Guide

Example

The following commands suggest how a virtual interface could be defined for use with
Network Address Translation and an IPSec tunnel.

    # The address of the corporate LAN is 192.168.0.0, but the desired
    # NAT address is 10.0.0.1, so you create a virtual interface (0:99),
    # turn off RIP for the interface, and assign it the address 10.0.0.1/24.
    -> eth add 0:99
    -> eth ip opt txrip off 0:99
    -> eth ip opt rxrip off 0:99
    -> eth ip addr 10.0.0.1 255.255.255.0 0:99
    #
    # Next, enable NAT for the virtual interface and route traffic to
    # the corporate backbone (192.168.0.0/16) through the virtual interface.
    -> eth ip translate on 0:99
    -> eth ip addroute 192.168.0.0 255.255.0.0 10.0.0.1 0:99
    # Later, when you set up the IKE tunnel, include these commands
    # when defining a policy. (The policy name is corporate.)
    # The source address must be the virtual interface address.
    # The destination address must be the corporate backbone address.
    # ike ipsec policies set source 10.0.0.1 255.255.255.255 corporate
    # ike ipsec policies set dest 192.168.0.0 255.255.0.0 corporate
    # ike ipsec policies set translate on corporate

Response

Command prompt.

ike ipsec proposals add

Defines the name of an IKE IPSec proposal. The proposal commands define the
proposals exchanged to set up an IPSec security association (SA), that is, an SA to
be used for the user data transfer. (See “IKE IPSec Proposal Commands” on page 5-58.)

Mgmt Class

Security (R/W)

Input Format

ike ipsec proposals add <proposalname>
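
The virtual interface example on this page requires that the IKE policy source be the virtual interface address and that the policy destination be the corporate backbone address, with translation on. The Python check below is an added example, not part of the manual or the router software, that verifies those constraints over a saved command list. The function name `check` is hypothetical, and the argument order of each command is assumed from the example lines on this page.

```python
import ipaddress

# Constructed input: the example's commands, with the policy lines uncommented.
SAMPLE = """\
eth ip addr 10.0.0.1 255.255.255.0 0:99
eth ip translate on 0:99
eth ip addroute 192.168.0.0 255.255.0.0 10.0.0.1 0:99
ike ipsec policies set source 10.0.0.1 255.255.255.255 corporate
ike ipsec policies set dest 192.168.0.0 255.255.0.0 corporate
ike ipsec policies set translate on corporate
"""

POLICY = ["ike", "ipsec", "policies", "set"]

def check(config):
    """Return a list of findings; an empty list means the lines agree."""
    seen, findings = {}, []
    for n, line in enumerate(config.splitlines(), 1):
        w = line.replace("->", " ").split()
        if not w or w[0].startswith("#"):
            continue  # skip blank lines and comments
        try:
            if w[:3] == ["eth", "ip", "addr"]:
                seen["iface"] = ipaddress.ip_interface(f"{w[3]}/{w[4]}")
            elif w[:3] == ["eth", "ip", "translate"]:
                seen["nat"] = w[3] == "on"
            elif w[:3] == ["eth", "ip", "addroute"]:
                seen["route"] = ipaddress.ip_network(f"{w[3]}/{w[4]}")
                ipaddress.ip_address(w[5])  # gateway must at least parse
            elif w[:4] == POLICY and w[4] == "source":
                ipaddress.ip_network(f"{w[5]}/{w[6]}", strict=False)  # mask check
                seen["src"] = ipaddress.ip_address(w[5])
            elif w[:4] == POLICY and w[4] == "dest":
                seen["dst"] = ipaddress.ip_network(f"{w[5]}/{w[6]}")
            elif w[:4] == POLICY and w[4] == "translate":
                seen["pol_nat"] = w[5] == "on"
        except (ValueError, IndexError) as err:
            findings.append(f"line {n}: bad address, mask or argument count: {err}")
    iface = seen.get("iface")
    if iface is None or seen.get("src") != iface.ip:
        findings.append("policy source is not the virtual interface address")
    if seen.get("route") is None or seen.get("dst") != seen["route"]:
        findings.append("policy dest is not the routed backbone network")
    if not (seen.get("nat") and seen.get("pol_nat")):
        findings.append("translate must be on for both interface and policy")
    return findings

if __name__ == "__main__":
    print(check(SAMPLE) or "consistent")
```

A mismatch between the policy selectors and the NAT address means traffic from the corporate LAN would not match the policy after translation, so it is worth running the check before the commands are pasted into the router.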
