Chapter 32 VPN configuration
Chapter contents
Introduction ... 363
  Authentication ... 363
  Encryption ... 363
  Transport and tunnel modes ... 364
    Permanent IKE Tunnels ... 364
  Key management ... 364
VPN configuration task list ... 365
  Creating an IPsec transformation profile ... 365
  Creating an IPsec policy profile ... 365
  Creating/modifying an outgoing ACL profile for IPsec ... 367
  Configuration of an IP interface and the IP router for IPsec ... 368
  Displaying IPsec configuration information ... 368
  Debugging IPsec ... 369
Key management (IKE) ... 370
    Main differences between manual & IKE IPSEC configurations ... 370
    Creating an ISAKMP transform profile ... 371
    Creating an ISAKMP IPSEC policy profile ... 372
    Creating/modifying an outgoing ACL profile for IPSEC ... 373
    Configuration of an IP interface and the IP router for IPSEC ... 373
    Policy matching ... 373
    Sample configuration snippet ... 373
  Troubleshooting ... 374
Encrypted Voice - Performance considerations ... 375
  Performance considerations ... 375
Enabling RTP encryption support ... 375
Using an alternate source IP address for specific destinations ... 376
Sample configurations ... 377
  IPsec tunnel, DES encryption ... 377
    SmartNode configuration ... 377
    Cisco router configuration ... 378
  IPsec tunnel, AES encryption at 256 bit key length, AH authentication with HMAC-SHA1-96 ... 378
    SmartNode configuration ... 378
    Cisco router configuration ... 378
  IPsec tunnel, 3DES encryption at 192 bit key length, ESP authentication with HMAC-MD5-96 ... 379
    SmartNode configuration ... 379
    Cisco router configuration ... 379