The procedures that follow this section assume the following setup. For a depiction of the network, see Figure 19–2.
- Each system is using an IPv4 address space.

  For a similar example with IPv6 addresses, see How to Protect a VPN With an IPsec Tunnel in Tunnel Mode Over IPv6.
- Each system has two interfaces. The hme0 interface connects to the Internet. In this example, Internet IP addresses begin with 192.168. The hme1 interface connects to the company's LAN, its intranet. In this example, intranet IP addresses begin with the number 10.
- Each system invokes AH protection with the MD5 algorithm. The MD5 algorithm requires a 128-bit key.
- Each system invokes ESP protection with the 3DES algorithm. The 3DES algorithm requires a 192-bit key.
- Each system can connect to a router that has direct access to the Internet.
- Each system uses shared security associations.
As the preceding illustration shows, the IPv4 procedures use these configuration parameters.
| Parameter | Europe | California |
|---|---|---|
| System name | | |
| System intranet interface | | |
| System Internet interface | | |
| System intranet address, also the -point address in Step 6 | | |
| System Internet address, also the tsrc address in Step 6 | | |
| Name of Internet router | | |
| Address of Internet router | | |
| Tunnel name | | |
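The setup above fixes the key sizes: 128 bits for AH with MD5 and 192 bits for ESP with 3DES. The shell functions below are an added example, not part of the original procedure, that generate key material of those sizes and check it before it is entered on both systems. The function names, the use of `/dev/urandom` and `od`, and the 3DES subkey check are assumptions of this example.

```shell
#!/bin/sh
# Added example: key material checks for the algorithms in this setup.
# Sizes from the page: AH with MD5 = 128-bit key, ESP with 3DES = 192-bit key.

# required_bits ALG: print the key size in bits; fail on an unknown algorithm.
required_bits() {
    case "$1" in
        md5)  echo 128 ;;
        3des) echo 192 ;;
        *)    return 1 ;;
    esac
}

# gen_key ALG: print a random hex key of the required size.
# Assumption: /dev/urandom and POSIX od are available on the system.
gen_key() {
    bits=$(required_bits "$1") || return 1
    od -An -tx1 -N "$((bits / 8))" /dev/urandom | tr -dc '0-9a-f'
    echo
}

# check_key ALG HEX: succeed only if HEX is usable as a key for ALG.
check_key() {
    bits=$(required_bits "$1") || return 1
    case "$2" in ''|*[!0-9a-fA-F]*) return 1 ;; esac   # hex digits only
    [ "${#2}" -eq "$((bits / 4))" ] || return 1         # 4 bits per hex digit
    if [ "$1" = 3des ]; then
        # 3DES runs encrypt-decrypt-encrypt with three 64-bit subkeys. If two
        # adjacent subkeys are equal, two stages cancel and single DES remains.
        # Subkeys are compared as written; DES parity bits are not normalised.
        k=$(printf '%s' "$2" | tr 'A-F' 'a-f')
        k1=$(printf '%s' "$k" | cut -c1-16)
        k2=$(printf '%s' "$k" | cut -c17-32)
        k3=$(printf '%s' "$k" | cut -c33-48)
        [ "$k1" != "$k2" ] && [ "$k2" != "$k3" ] || return 1
    fi
    return 0
}

# Demo: one key per algorithm, checked before it would be copied to both systems.
for alg in md5 3des; do
    key=$(gen_key "$alg")
    check_key "$alg" "$key" && echo "$alg: $key"
done
```

Because each system uses shared security associations, the same checked key must be entered on both systems.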