Securing the Network in Oracle® Solaris 11.3

Updated: March 2018

Examples of Protecting a VPN With IPsec by Using Tunnel Mode

The tunnel in the following illustration is configured for all subnets of the LANs as follows:

## Tunnel configuration for ##
# Tunnel name is tun0
# Intranet point for the source is 192.0.2.1
# Intranet point for the destination is 192.0.2.44
# Tunnel source is 198.51.100.1
# Tunnel destination is 198.51.100.33
# Tunnel name address object is tun0/to-central
# Tunnel name address object is tun0/to-overseas

Figure 12  Tunnel Protected by IPsec

[Figure: a VPN that connects two LANs; each LAN has four subnets.]

The following examples are based on the illustration.

Example 36  Creating a Tunnel That All Subnets Can Use

In this example, all traffic from the local LANs of the Central LAN in Figure 12, Tunnel Protected by IPsec, can be tunneled through Router 1 to Router 2, and then delivered to all local LANs of the Overseas LAN. The traffic is encrypted with AES.

## IPsec policy ##
{tunnel tun0 negotiate tunnel}
 ipsec {encr_algs aes encr_auth_algs sha512 sa shared}

Example 37  Creating a Tunnel That Connects Two Subnets Only

In this example, only traffic between subnet 192.0.2.0/27 of the Central LAN and subnet 192.0.2.32/27 of the Overseas LAN is tunneled and encrypted. In the absence of other IPsec policies for Central, if the Central LAN attempts to route any traffic for other LANs over this tunnel, the traffic is dropped at Router 1.

## IPsec policy ##
# laddr/raddr restrict the tunnel to the two subnets; "sa shared" is the
# ipsecconf(1M) keyword pair (the bare word "shared" is not accepted).
{tunnel tun0 negotiate tunnel laddr 192.0.2.0/27 raddr 192.0.2.32/27}
 ipsec {encr_algs aes encr_auth_algs sha512 sa shared}
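As an added example that is not Oracle's code, the following Python script parses the two rules from Example 36 and Example 37 in ipsecconf(1M) `{pattern} action {properties}` syntax and reports which inner flows each rule would protect, so the reach of a tunnel policy can be checked before it is loaded on Router 1. The sample flows are constructed, and the "drop" verdict for unmatched traffic is an assumption taken from the behaviour Example 37 describes.

```python
import ipaddress
import re

# Rule texts copied from Example 36 and Example 37 above (ipsecconf(1M) syntax).
RULE_ALL_SUBNETS = ("{tunnel tun0 negotiate tunnel} "
                    "ipsec {encr_algs aes encr_auth_algs sha512 sa shared}")
RULE_TWO_SUBNETS = ("{tunnel tun0 negotiate tunnel laddr 192.0.2.0/27 raddr 192.0.2.32/27} "
                    "ipsec {encr_algs aes encr_auth_algs sha512 sa shared}")
_RULE_RE = re.compile(r"\{([^}]*)\}\s*(\w+)\s*\{([^}]*)\}")

def _pairs(tokens):
    """'k1 v1 k2 v2' -> dict; pattern and property fields are keyword/value pairs."""
    words = tokens.split()
    if len(words) % 2:
        raise ValueError("unpaired keyword in %r" % tokens)
    return dict(zip(words[0::2], words[1::2]))

def parse_rule(text):
    """Split one '{pattern} action {properties}' rule into its three parts."""
    m = _RULE_RE.fullmatch(text.strip())
    if not m:
        raise ValueError("not an ipsecconf rule: %r" % text)
    pattern, action, props = m.groups()
    return {"pattern": _pairs(pattern), "action": action, "props": _pairs(props)}

def evaluate(rule, src, dst):
    """'protect' if inner flow src -> dst matches the tunnel pattern, else 'drop'.
    'drop' models the page: with no other policy, traffic routed over the tunnel
    from outside laddr/raddr is dropped at Router 1 (Example 37)."""
    pat = rule["pattern"]
    if rule["action"] != "ipsec" or pat.get("negotiate") != "tunnel":
        raise ValueError("only 'ipsec ... negotiate tunnel' rules are modelled")
    # No laddr/raddr in the pattern means every inner address is covered (Example 36).
    laddr = ipaddress.ip_network(pat.get("laddr", "0.0.0.0/0"))
    raddr = ipaddress.ip_network(pat.get("raddr", "0.0.0.0/0"))
    if ipaddress.ip_address(src) in laddr and ipaddress.ip_address(dst) in raddr:
        return "protect"
    return "drop"

def coverage(rule_text, flows):
    """Map each (src, dst) inner flow to the verdict the rule gives it."""
    rule = parse_rule(rule_text)
    return {flow: evaluate(rule, *flow) for flow in flows}

if __name__ == "__main__":
    # Constructed sample flows: one within the two subnets, one between other LAN subnets.
    flows = [("192.0.2.5", "192.0.2.40"), ("192.0.2.70", "192.0.2.100")]
    for name, text in (("Example 36", RULE_ALL_SUBNETS), ("Example 37", RULE_TWO_SUBNETS)):
        print(name, coverage(text, flows))
```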