<< Create an IPsec Policy (1 of 4)

Create an IPsec Policy (3 of 4) >>

 

Example 5: GRE over IPsec, Site-to-Site, with Manual Keying

Create an IPsec Policy (Step 2 of 4)

GRE over IPsec must be configured with manual key exchange instead of IKE. Notice that the inbound and outbound keys are complementary for each side. For example, the inbound encryption key for Site A is the same as the outbound encryption key for Site B.

TMS zl Module A

TMS zl Module B

  1. For Key Management, select Manual.

  2. For Local Gateway, select Use VLAN IP Address and select VLAN99 from the list.

  3. For Remote Gateway IP Address, type 192.168.33.22.

  4. For SPI Number, type 987654.

  5. For Inbound Encryption Key, type aa11bb22cc33dd44ee55ff66.

  6. For Outbound Encryption Key, type 11aa22bb33cc44dd55ee66ff.

  7. For Inbound Authentication Key, type 44dd33cc22bb11aa.

  8. For Outbound Authentication Key, type dd44cc33bb22aa11.

  9. Click Next.

  1. For Key Management, select Manual.

  2. For Local Gateway, select Use VLAN IP Address and select VLAN33 from the list.

  3. For Remote Gateway IP Address, type 172.23.99.99.

  4. For SPI Number, type 987654.

  5. For Inbound Encryption Key, type 11aa22bb33cc44dd55ee66ff.

  6. For Outbound Encryption Key, type aa11bb22cc33dd44ee55ff66.

  7. For Inbound Authentication Key, type dd44cc33bb22aa11.

  8. For Outbound Authentication Key, type 44dd33cc22bb11aa.

  9. Click Next.

<< Create an IPsec Policy (1 of 4)

Create an IPsec Policy (3 of 4) >>