Workflow to configure IPsec
Stages
1 |
Provision an ISA tunnel MDA on each participating NE; see Chapter 11, Working with network objects and Chapter 13, Logical group object configuration for information about IPsec equipment configuration. Use the following steps: |
2 |
Configure an IKE policy; see To configure an IPsec IKE policy. |
3 |
Configure an IPsec transform policy; see To configure an IPsec transform policy. |
4 |
If your network includes shared IPsec transform and IKE policies, configure an IPsec tunnel template; see To configure an IPsec tunnel template. |
5 |
Configure an IPsec security policy; see To configure an IPsec security policy. |
6 |
Configure a RADIUS authentication policy to apply to an IES or VPRN IPsec gateway; see To configure a RADIUS authentication policy. |
7 |
Configure a RADIUS accounting policy to apply to an IES or VPRN IPsec gateway; see To configure a RADIUS accounting policy. |
8 |
Configure a trust anchor profile; see To configure a trust anchor profile. |
9 |
Configure a certificate profile; see To configure a certificate profile . |
10 |
If you are configuring IPsec on a VPRN, create the private-facing tunnel interface; see To configure a tunnel interface on an IES or VPRN. Use the following steps: |
11 |
Create the public-facing tunnel interface; see To configure an IES or VPRN IPsec gateway. Use the following steps:
|
12 |
If you are configuring IPsec on a VPRN, create IPsec tunnels on the VPRN tunnel interface; see To configure an IPsec tunnel on a VPRN tunnel interface. |
13 |
Configure the static route; see To configure a static route on a routing instance. |