
Securing the Network in Oracle® Solaris 11.3


Updated: April 2019

Examples of Protecting a VPN With IPsec by Using Tunnel Mode

The tunnel in the following illustration is configured for all subnets of the LANs as follows:

## Tunnel configuration for ##
# Tunnel name is tun0
# Intranet point for the source is
# Intranet point for the destination is
# Tunnel source is
# Tunnel destination is
# Tunnel name address object is tun0/to-central
# Tunnel name address object is tun0/to-overseas

Figure 12  Tunnel Protected by IPsec

[Figure: Graphic shows a VPN that connects two LANs. Each LAN has four subnets.]

The following examples are based on the illustration.

Example 35  Creating a Tunnel That All Subnets Can Use

In this example, all traffic from the local LANs of the Central LAN in Figure 12, Tunnel Protected by IPsec, can be tunneled through Router 1 to Router 2, and then delivered to all local LANs of the Overseas LAN. Because the entry carries no laddr or raddr selector, every inner packet that the tunnel carries is covered. The traffic is encrypted with AES and integrity-protected with SHA-512, as the encr_auth_algs property in the policy shows.

## IPsec policy ##
{tunnel tun0 negotiate tunnel} 
 ipsec {encr_algs aes encr_auth_algs sha512 sa shared}

Example 36  Creating a Tunnel That Connects Two Subnets Only

In this example, only traffic between subnet of the Central LAN and subnet of the Overseas LAN is tunneled and encrypted. In the absence of other IPsec policies for Central, if the Central LAN attempts to route any traffic for other LANs over this tunnel, the traffic is dropped at Router 1.

## IPsec policy ##
{tunnel tun0 negotiate tunnel laddr raddr} 
 ipsec {encr_algs aes encr_auth_algs sha512 sa shared}
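The selector behaviour that Examples 35 and 36 describe, modelled as an added example rather than Solaris code: a small parser for ipsecconf-style tunnel entries in the form shown above, and a check that reports whether a given inner packet would be encrypted or dropped. The 10.1.2.0/24 and 10.2.3.0/24 subnets are constructed placeholders, since the page omits the figure's addresses.

```python
import ipaddress
import re

# One tunnel-mode entry: "{tunnel <name> negotiate tunnel [laddr A] [raddr B]} ipsec {...}"
_ENTRY = re.compile(
    r"\{tunnel\s+(\S+)\s+negotiate\s+tunnel([^}]*)\}\s*ipsec\s*\{([^}]*)\}")

def parse_policy(text):
    """Parse one ipsecconf-style tunnel entry into a dict (simplified model).

    laddr/raddr are optional selectors: when absent, the entry covers every
    inner packet the tunnel carries (Example 35)."""
    m = _ENTRY.search(" ".join(text.split()))
    if m is None:
        raise ValueError("not a tunnel-mode policy entry")
    tun, selectors, props = m.groups()
    sel, prp = selectors.split(), props.split()
    entry = {"tunnel": tun, "laddr": None, "raddr": None}
    for key in ("laddr", "raddr"):
        if key in sel:
            entry[key] = ipaddress.ip_network(sel[sel.index(key) + 1])
    for key in ("encr_algs", "encr_auth_algs", "sa"):
        entry[key] = prp[prp.index(key) + 1] if key in prp else None
    return entry

def disposition(entry, src, dst):
    """Return 'encrypt' if the inner packet matches the entry's selector.

    With no other policy on the tunnel, a packet outside laddr/raddr matches
    no rule, so the router drops it rather than forwarding it in the clear
    (Example 36)."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if entry["laddr"] is not None and src not in entry["laddr"]:
        return "drop"
    if entry["raddr"] is not None and dst not in entry["raddr"]:
        return "drop"
    return "encrypt"

# Constructed subnets standing in for the addresses the page omits.
ALL_SUBNETS = ("{tunnel tun0 negotiate tunnel} "
               "ipsec {encr_algs aes encr_auth_algs sha512 sa shared}")
TWO_SUBNETS = ("{tunnel tun0 negotiate tunnel laddr 10.1.2.0/24 raddr 10.2.3.0/24} "
               "ipsec {encr_algs aes encr_auth_algs sha512 sa shared}")

if __name__ == "__main__":
    for name, text in (("all", ALL_SUBNETS), ("two", TWO_SUBNETS)):
        entry = parse_policy(text)
        print(name, disposition(entry, "10.1.2.50", "10.2.3.9"),
              disposition(entry, "10.1.5.50", "10.2.3.9"))
```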