Virtual Router/ Firewall/ VPN

Brocadian
Posts: 1
Registered: ‎09-01-2016

Enable IPSEC on 5600

Hi Guys

I need assistance with this please. I need remote access using L2TP to a 5600.

On a 5400 router, I find it to be very easy to enable ipsec on an interface by simply typing in this command:

set vpn ipsec ipsec-interfaces interface eth0

On the 5600, I cannot find a way to enable ipsec on an interface; I get to this point:

set security vpn ipsec ?

The documentation states that there should be a sub menu called ipsec interfaces:

set security vpn ipsec ipsec-interfaces interface dp0p1p1

Version of 5600 code is 5.0R2 evaluation.

New Contributor
Posts: 4
Registered: ‎08-19-2016

Re: Enable IPSEC on 5600

I don't know anything about the 5600, but can you press enter after ipsec-interfaces to enter the sub-menu you mention? I would enter the ? before typing the next word in the command to see all available options.

Regular Visitor
Posts: 1
Registered: ‎07-29-2016

Re: Enable IPSEC on 5600

I'm having the same issue. Here is the completion:

vyatta@asc# set security vpn ipsec
Possible Completions:
   <Enter>            Execute the current command
   auto-update        Set auto-update interval for IPsec daemon. [Deprecated]
   disable-uniqreqids <No help text available> [Deprecated]
+> esp-group          Name of Encapsulating Security Payload (ESP) group
+> ike-group          Name of Internet Key Exchange (IKE) group
 > logging            IPsec logging
 > nat-networks       Network Address Translation (NAT) networks
   nat-traversal      Network Address Translation (NAT) traversal [Deprecated]
+> profile            VPN IPSec Profile
 > site-to-site       Site to site VPN


[edit]

I am going through the IPSec course for the 5600 in the learning portal, and the command is there for step one of setting up a tunnel, but it's not actually there when I check.

Brocadian
Posts: 21
Registered: ‎06-17-2015

Re: Enable IPSEC on 5600

"set security vpn ipsec ipsec-interfaces" is not a supported command on 5600, and it is not needed. You can have IPsec Site-to-Site working fine on 5600 without that command. It is unfortunate that our training materials still mention that command. Please disregard it and move on.

New Member
Posts: 1
Registered: ‎08-29-2017

Re: Enable IPSEC on 5600

Thanks for the response. I understand "set security vpn ipsec ipsec-interfaces" is not supported.

The tunnel is not coming up as active after the configuration. Is there anything else that needs to be done?

Do we need to enable the interface to support IPSec? Or is there some binding that has to happen?

I get "0 Active IPSec Tunnels" when I use "show vpn ipsec status".

ESP, IKE and site-to-site configurations are complete.

Thanks for your help.