Ubigate iBG2016 Configuration Guide/Ed.00© SAMSUNG Electronics Co., Ltd. 275Joining Two Networks using Multiple IPSecProposals ExampleThe following example demonstrates how a security gateway can use multipleIPSec(phase2) proposals to form an IP security tunnel to join two privatenetworks: 10.0.1.0/24 and 10.0.2.0/24.IKE Proposal offered by both Router and NW2:y Phase 1: 3DES and SHA1IPSec Proposals offered by Router:y Phase 2: Proposal1: IPSec ESP with DES and HMAC-SHA1y Phase 2: Proposal2: IPSec ESP with AES(256-bit) and HMAC-SHA1 IPSecProposal offered by NW2:y Phase 2: Proposal1: IPSec ESP with AES(256-bit) and HMAC-SHA1In this example, the Router router offers two IPSec proposals to the peer whilethe NW2 router offers only one proposal. As a result of quick modenegotiation, the two routers are expected to converge on a mutually acceptableproposal, which is the proposal ‘IPSec ESP with AES(256-bit) and HMAC-SHA1’ in this example.Figure 5.3 Tunnel Mode Between Two Security Gateways-Multiple Proposals1. Configure a WAN bundle of network type untrusted.Router/configure/interface/bundle wan1# link t1 0/2/0Router/configure/interface/bundle wan1# encapsulation pppRouter/configure/interface/bundle wan1# ip address172.16.0.1 24Router/configure/interface/bundle wan1# crypto untrustedRouter/configure/interface/bundle wan1# exitRouter 1 Router 2IPSec ESPUNTRUSTEDTRUSTED TRUSTEDNetwork10.0.1.0/24Network10.0.2.0/24172.16.0.1 172.16.0.2
