Virtual Router/ Firewall/ VPN

Brocadian
Posts: 1
Registered: ‎09-01-2016

Enable IPSEC on 5600

Hi Guys

I need assistance with this please. I need remote access using L2TP to a 5600.

On a 5400 router, I find it to be very easy to enable IPsec on an interface by simply typing in this command:

set vpn ipsec ipsec-interfaces interface eth0

On the 5600, I cannot find a way to enable IPsec on an interface; I get to this point:

set security vpn ipsec ?

The documentation states that there should be a sub-menu called ipsec-interfaces:

set security vpn ipsec ipsec-interfaces interface dp0p1p1

Version of 5600 code is 5.0R2 evaluation.

New Contributor
Posts: 4
Registered: ‎08-19-2016

Re: Enable IPSEC on 5600

I don't know anything about the 5600, but can you press Enter after ipsec-interfaces to enter the sub-menu you mention? I would enter the ? before typing the next word in the command to see all available options.

Regular Visitor
Posts: 1
Registered: ‎07-29-2016

Re: Enable IPSEC on 5600

I'm having the same issue. Here is the completion:

 

vyatta@asc# set security vpn ipsec
Possible Completions:
   <Enter>            Execute the current command
   auto-update        Set auto-update interval for IPsec daemon. [Deprecated]
   disable-uniqreqids <No help text available> [Deprecated]
+> esp-group          Name of Encapsulating Security Payload (ESP) group
+> ike-group          Name of Internet Key Exchange (IKE) group
 > logging            IPsec logging
 > nat-networks       Network Address Translation (NAT) networks
   nat-traversal      Network Address Translation (NAT) traversal [Deprecated]
+> profile            VPN IPSec Profile
 > site-to-site       Site to site VPN


[edit]

 

I am going through the IPSec course for the 5600 in the learning portal, and the command is there for step one of setting up a tunnel, but it's not actually there when I check.

Brocadian
Posts: 21
Registered: ‎06-17-2015

Re: Enable IPSEC on 5600

"set security vpn ipsec ipsec-interfaces" is not a supported command on 5600, and it is not needed. You can have IPsec Site-to-Site working fine on 5600 without that command. It is unfortunate that our training materials still mention that command. Please disregard it and move on.

New Member
Posts: 1
Registered: ‎08-29-2017

Re: Enable IPSEC on 5600

Thanks for the response. I understand "set security vpn ipsec ipsec-interfaces" is not supported.

The tunnel is not coming up as active after the configuration. Is there anything else that needs to be done?

Do we need to enable the interface to support IPsec? Or is there some binding that has to happen?

I get "0 Active IPSec Tunnels" when I use "show vpn ipsec status".

ESP, IKE and site-to-site configurations are complete.

Thanks for your help.

 

 
