Go to main content

Securing the Network in Oracle® Solaris 11.3

Exit Print View

Updated: September 2018
 
 

Description of the Network Topology for the IPsec Tasks to Protect a VPN

    The procedures in this section assume the following setup. For a depiction of the network, see Sample VPN Between Offices Connected Across the Internet.

  • Each system is using an IPv4 address space.

    These procedures also work with IPv6 addresses or a combination of IPv4 and IPv6 addresses.

  • Each system has two interfaces. The net0 interface connects to the Internet. In this example, Internet IP addresses begin with 198.51.100. The net1 interface connects to the company's LAN, its intranet. In this example, intranet IP addresses begin with the number 192.0.2.

  • Each system requires ESP encryption with the AES algorithm. The AES algorithm uses a 128-bit or 256-bit key.

  • Each system requires ESP authentication with the SHA-2 algorithm. In this example, the SHA-2 algorithm uses a 512-bit key.

  • Each system can connect to a router that has direct access to the Internet.

  • Each system uses shared security associations.

The following illustration shows the configuration parameters used in the procedures.

Figure 13  Sample VPN Between Offices Connected Across the Internet

image:Graphic shows details of VPN between Europe and California offices.

The configuration parameters are listed in the following table.

Parameter
Europe
California
System name
euro-vpn
calif-vpn
System intranet interface
net1
net1
System intranet address, the default route to the other network
192.0.2.36
192.0.2.3
System intranet address object
net1/inside
net1/inside
System Internet interface
net0
net0
System Internet address
198.51.100.6
198.51.100.33
Name of Internet router
router-E
router-C
Address of Internet router
198.51.100.1
198.51.100.31
Tunnel name
tun0
tun0
Tunnel name address object
tun0/v4tunaddr
tun0/v4tunaddr

For information about tunnel names, see Administering IP Tunnels in Administering TCP/IP Networks, IPMP, and IP Tunnels in Oracle Solaris 11.3. For information about address objects, see How to Configure an IPv4 Interface in Configuring and Managing Network Components in Oracle Solaris 11.3 and the ipadm(1M) man page.