The procedures that follow this section assume the following setup. For a depiction of the network, see Figure 20–2.
- Each system is using an IPv4 address space.

  For a similar example with IPv6 addresses, see How to Protect a VPN With an IPsec Tunnel in Tunnel Mode Over IPv6.
- Each system has two interfaces. The hme0 interface connects to the Internet. In this example, Internet IP addresses begin with 192.168. The hme1 interface connects to the company's LAN, its intranet. In this example, intranet IP addresses begin with the number 10.
- Each system requires ESP authentication with the SHA-1 algorithm. The SHA-1 algorithm requires a 160-bit key.
- Each system requires ESP encryption with the AES algorithm. The AES algorithm uses a 128-bit or 256-bit key.
- Each system can connect to a router that has direct access to the Internet.
- Each system uses shared security associations.
As the preceding illustration shows, the procedures for the IPv4 network use the following configuration parameters.
Parameter | Europe | California |
---|---|---|
System name | | |
System intranet interface | | |
System intranet address, also the -point address in Step 7 | | |
System Internet interface | | |
System Internet address, also the tsrc address in Step 7 | | |
Name of Internet router | | |
Address of Internet router | | |
Tunnel name | | |
The following IPv6 addresses are used in the procedures. The tunnel names are the same.
Parameter | Europe | California |
---|---|---|
System intranet address | | |
System Internet address | | |
Address of Internet router | | |
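
The key lengths stated in the setup list (160 bits for SHA-1 authentication, 128 or 256 bits for AES encryption) can be checked before keying material is installed on either system. The following shell functions are an added example, not part of the original guide; the names `gen_hex_key` and `check_key` are hypothetical, and the example assumes keys are written as hexadecimal strings and that `/dev/urandom` and `od` are available.

```shell
#!/bin/sh
# Added example (not from the original guide). Function names are hypothetical.
# Assumption: keys are handled as hexadecimal strings, 4 bits per character.

# gen_hex_key BITS: print BITS of random keying material as hex.
gen_hex_key() {
    bits=$1
    # Key length must be a positive whole number of bytes.
    [ "$bits" -gt 0 ] && [ $((bits % 8)) -eq 0 ] || return 1
    od -An -v -tx1 -N $((bits / 8)) /dev/urandom | tr -d ' \n'
}

# check_key ALG HEXKEY: succeed only if HEXKEY is valid hex and its length
# matches the sizes this setup requires: sha1 = 160 bits, aes = 128 or 256 bits.
check_key() {
    alg=$1
    key=$2
    # Reject empty strings and any non-hexadecimal character.
    case "$key" in
        ''|*[!0-9a-fA-F]*) return 1 ;;
    esac
    keybits=$(( ${#key} * 4 ))
    case "$alg:$keybits" in
        sha1:160|aes:128|aes:256) return 0 ;;
        *) return 1 ;;
    esac
}

# Demonstration: generate one key of each kind and report only the result of
# the length check, so no key material is written to the terminal.
authkey=$(gen_hex_key 160)
encrkey=$(gen_hex_key 256)
check_key sha1 "$authkey" && echo "authentication key: 160 bits, OK"
check_key aes "$encrkey" && echo "encryption key: 256 bits, OK"
```

Both systems use shared security associations, so the same checked keys must be present on each end of the tunnel.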