1. In the IKE proposal (Phase 1)
/* IKE (Phase 1) proposal; presumably the one the IKE policy below references as BMTC-RSRTC2-PH1. */
/* Peers authenticate with a shared secret; the key itself is not shown on this page. */
authentication-method pre-shared-keys;
/* NOTE(review): group2 is the 1024-bit MODP group, a legacy size; prefer group14 or higher if the remote peer supports it. */
dh-group group2;
/* NOTE(review): SHA-1 and 3DES (64-bit block cipher) are legacy algorithms; sha-256 and aes-256-cbc are the usual replacements. Both ends must be changed together or Phase 1 will not negotiate. */
authentication-algorithm sha1;
encryption-algorithm 3des-cbc;
/* Phase 1 SA lifetime: 28800 s = 8 hours. */
lifetime-seconds 28800;
IN IKE policy
/* IKE policy; presumably the one the gateway section references as BMTC-RSRTC2-POLICY. */
/* Main mode exchanges peer identities only after the Diffie-Hellman exchange, so they are encrypted (unlike aggressive mode). */
mode main;
/* Phase 1 proposal offered to the peer. */
proposals BMTC-RSRTC2-PH1;
/* NOTE(review): the pre-shared-key statement is not shown on this page; use a long random value that is unique to this peer. */
In Gateway
/* IKE gateway; presumably the one the VPN section references as BMTC-RSRTC2-GW. */
ike-policy BMTC-RSRTC2-POLICY;
/* Address of the remote IKE peer. */
address 122.252.232.116;
/* Local interface on which IKE negotiation with the peer takes place. */
external-interface reth1.0;
IN PHASE2
IPsecVPN->Auto tunnel->PHASE2
IN IPsec Proposal
/* IPsec (Phase 2) proposal; presumably the one the IPsec policy below references as BMTC-RSRTC2-PH2. */
/* ESP provides both encryption and integrity for the tunnelled traffic. */
protocol esp;
/* NOTE(review): hmac-sha1-96 and 3des-cbc are legacy choices; hmac-sha-256-128 with aes-256-cbc (or an AES-GCM proposal) is preferable if the remote peer supports it. Both ends must match. */
authentication-algorithm hmac-sha1-96;
encryption-algorithm 3des-cbc;
/* Phase 2 SA lifetime: 3600 s = 1 hour, after which the SA is rekeyed. */
lifetime-seconds 3600;
In IPSEC Policy
/* IPsec policy; presumably the one the VPN section references as BMTC-RSRTC2-PH2-POLICY. */
/* PFS runs a fresh Diffie-Hellman exchange for each Phase 2 SA, so a compromised Phase 1 key does not expose earlier session keys. */
perfect-forward-secrecy {
/* NOTE(review): group2 (1024-bit MODP) is a legacy size; prefer group14 or higher if the peer supports it. */
keys group2;
/* The closing brace of perfect-forward-secrecy is missing from this excerpt. */
proposals BMTC-RSRTC2-PH2;
IN ipsec vpn
/* IPsec VPN definition; the security policies below reference it as BMTC-RSRTC2-VPN. Closing braces are missing from this excerpt. */
/* VPN monitoring probes the peer to detect a dead tunnel; optimized sends probes only when traffic goes out but nothing comes back. */
vpn-monitor {
optimized;
ike {
/* IKE gateway (remote peer) used to negotiate this tunnel. */
gateway BMTC-RSRTC2-GW;
/* Proxy IDs negotiated in Phase 2; the remote peer must be configured with the mirror image (its local = 192.168.3.0/24, its remote = 10.30.1.0/24). */
proxy-identity {
local 10.30.1.0/24;
remote 192.168.3.0/24;
/* Phase 2 policy (PFS group and proposal) applied to this tunnel. */
ipsec-policy BMTC-RSRTC2-PH2-POLICY;
/* Security policy for traffic from the local subnet to the remote subnet. Its header line is missing from this excerpt; presumably policy BMTC-TO-RSRTC2 from-zone SERVER to-zone INTERNET, judging by the pair-policy name and the insert command at the end of the page. */
match {
source-address addr_10_30_1_0_24;
destination-address addr_192_168_3_0_24;
/* NOTE(review): application any allows every protocol and port between the two subnets; restrict it to the applications actually required if they are known. */
application any;
then {
permit {
/* Matching traffic is sent through the policy-based IPsec VPN. */
tunnel {
ipsec-vpn BMTC-RSRTC2-VPN;
/* Names the policy for the reverse direction so both directions use the same tunnel. */
pair-policy RSRTC2-TO-BMTC;
/* Log both session creation and session close, so tunnel traffic is auditable. */
log {
session-init;
session-close;
}
show security policies from-zone INTERNET to-zone SERVER policy RSRTC2-TO-BMTC
/* Reverse-direction policy (RSRTC2-TO-BMTC, from-zone INTERNET to-zone SERVER, per the show command above): remote subnet to local subnet. Closing braces are missing from this excerpt. */
match {
source-address addr_192_168_3_0_24;
destination-address addr_10_30_1_0_24;
/* NOTE(review): application any allows every protocol and port from the remote subnet into the SERVER zone; restrict it to the applications actually required if they are known. */
application any;
then {
permit {
/* Matching traffic is expected to arrive through the policy-based IPsec VPN. */
tunnel {
ipsec-vpn BMTC-RSRTC2-VPN;
/* Names the policy for the opposite direction so both directions use the same tunnel. */
pair-policy BMTC-TO-RSRTC2;
/* Log both session creation and session close, so tunnel traffic is auditable. */
log {
session-init;
session-close;
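insert security policies from-zone SERVER to-zone INTERNET policy BMTC-TO-RSRTC2 before policy NAME-OF-THE-POLICY
(Replace NAME-OF-THE-POLICY with the name of the existing policy; this moves BMTC-TO-RSRTC2 above that policy. Policies are evaluated top-down and the first match wins, so the tunnel policy must sit above any broader policy that would match the same traffic.)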
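To save and activate the changes:
commit
(When working over a remote session, `commit confirmed` rolls the change back automatically unless it is confirmed, which guards against locking yourself out.)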