Vyatta Network OS Documentation


Configure an ESP group on EAST

This task creates ESP group ESP-1E on EAST. This ESP group contains two proposals:

  • Proposal 1 uses AES-256 as the encryption cipher and SHA-1 as the hash algorithm
  • Proposal 2 uses Triple-DES as the encryption cipher and MD5 as the hash algorithm

The lifetime of a proposal from this ESP group is set to 1800 seconds.

To create this ESP group, perform the following steps on EAST in configuration mode.

Table 1. Configuring an ESP group on EAST
Step Command

Create the configuration node for proposal 1 of ESP group ESP-1E.

vyatta@EAST# set security vpn ipsec esp-group ESP-1E proposal 1

Set the encryption cipher for proposal 1.

vyatta@EAST# set security vpn ipsec esp-group ESP-1E proposal 1 encryption aes256

Set the hash algorithm for proposal 1.

vyatta@EAST# set security vpn ipsec esp-group ESP-1E proposal 1 hash sha1

Set the encryption cipher for proposal 2. This also creates the configuration node for proposal 2 of ESP group ESP-1E.

vyatta@EAST# set security vpn ipsec esp-group ESP-1E proposal 2 encryption 3des

Set the hash algorithm for proposal 2.

vyatta@EAST# set security vpn ipsec esp-group ESP-1E proposal 2 hash md5

Set the lifetime for the whole ESP group.

vyatta@EAST# set security vpn ipsec esp-group ESP-1E lifetime 1800

View the configuration for the ESP group. Don't commit yet.

vyatta@EAST# show security vpn ipsec esp-group ESP-1E

    proposal 1 {
        encryption aes256
        hash sha1
    }
    proposal 2 {
        encryption 3des
        hash md5
    }
    lifetime 1800
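
Before committing, the proposals shown above can be checked against a cipher policy. The following Python sketch is an added example, not part of the Vyatta documentation or tooling: it parses the esp-group block as displayed by the show command and flags algorithms that RFC 8221 discourages. The policy table and the function names are assumptions chosen for illustration.

```python
import re

# Constructed sample: the ESP-1E block as shown on this page.
SAMPLE = """\
proposal 1 {
    encryption aes256
    hash sha1
}
proposal 2 {
    encryption 3des
    hash md5
}
lifetime 1800
"""

# Assumed policy (not from the Vyatta docs): RFC 8221 requirement levels.
POLICY = {
    ("encryption", "3des"): "fail: 3DES is SHOULD NOT in RFC 8221",
    ("hash", "md5"): "fail: HMAC-MD5 is MUST NOT in RFC 8221",
    ("hash", "sha1"): "warn: HMAC-SHA1 is MUST- (expected to be downgraded)",
}

def parse_esp_group(text):
    """Return ({proposal_id: {key: value}}, {group_key: value})."""
    proposals, group, current = {}, {}, None
    for line in filter(None, map(str.strip, text.splitlines())):
        m = re.fullmatch(r"proposal\s+(\d+)\s*\{", line)
        if m:
            current = proposals.setdefault(int(m.group(1)), {})
        elif line == "}":
            current = None
        else:
            key, _, value = line.partition(" ")
            (group if current is None else current)[key] = value.strip()
    return proposals, group

def audit(text):
    """Return (proposal_id, key, value, verdict) for each weak setting."""
    proposals, _ = parse_esp_group(text)
    return [
        (pid, key, value, POLICY[(key, value.lower())])
        for pid, settings in sorted(proposals.items())
        for key, value in sorted(settings.items())
        if (key, value.lower()) in POLICY
    ]

if __name__ == "__main__":
    for pid, key, value, verdict in audit(SAMPLE):
        print(f"proposal {pid}: {key} {value} -> {verdict}")
```

Run against the configuration on this page, the check reports proposal 2 (3des with md5) as failing on both settings and proposal 1 with a warning for sha1.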