IKEv2 Legacy Configuration Examples » History » Version 10

Version 9 (Andreas Steffen, 21.05.2021 13:05) → Version 10/11 (Andreas Steffen, 07.07.2021 04:09)

h1. IKEv2 Legacy Configuration Examples

These example scenarios use the deprecated stroke management interface.

h2. Remote Access

|RSA authentication with X.509 certificates |{{tc(ikev2-stroke/rw-cert,IPv4)}} |{{tc_dr(ikev2-stroke/rw-cert,IPv4)}} |{{tc(ipv6-stroke/rw-ikev2,IPv6)}} |{{tc(ikev2/nat-rw,NAT)}} |{{tc_dr(ikev2/nat-rw,NAT)}} |
|PSK authentication with pre-shared keys (IP) |{{tc(ikev2-stroke/rw-psk-ipv4,IPv4)}} |{{tc_dr(ikev2-stroke/rw-psk-ipv4,IPv4)}} |{{tc(ipv6-stroke/rw-psk-ikev2,IPv6)}} |{{tc(ikev2/nat-rw-psk,NAT)}} |{{tc_dr(ikev2/nat-rw-psk,NAT)}} |
|PSK authentication with pre-shared keys (FQDN) |{{tc(ikev2-stroke/rw-psk-fqdn,IPv4)}} |{{tc_dr(ikev2-stroke/rw-psk-fqdn,IPv4)}} | | |
|EAP_AKA authentication |{{tc(ikev2-stroke/rw-eap-aka-rsa,IPv4)}} |{{tc_dr(ikev2-stroke/rw-eap-aka-rsa,IPv4)}} | | |
|EAP_AKA authentication with EAP identity |{{tc(ikev2-stroke/rw-eap-aka-id-rsa,IPv4)}} |{{tc_dr(ikev2-stroke/rw-eap-aka-id-rsa,IPv4)}} | | |
|EAP_SIM authentication |{{tc(ikev2-stroke/rw-eap-sim-rsa,IPv4)}} |{{tc_dr(ikev2-stroke/rw-eap-sim-rsa,IPv4)}} | |{{tc(ikev2-stroke/rw-eap-sim-radius,RADIUS)}} |{{tc_dr(ikev2-stroke/rw-eap-sim-radius,RADIUS)}} |
|EAP_SIM authentication with EAP identity | | |{{tc(ikev2-stroke/rw-eap-sim-id-radius,RADIUS)}} |{{tc_dr(ikev2-stroke/rw-eap-sim-id-radius,RADIUS)}} |
|EAP_SIM only authentication | | |{{tc(ikev2-stroke/rw-eap-sim-only-radius,RADIUS)}} |{{tc_dr(ikev2-stroke/rw-eap-sim-only-radius,RADIUS)}} |
|EAP_MSCHAPv2 authentication with EAP identity |{{tc(ikev2-stroke/rw-eap-mschapv2-id-rsa,IPv4)}} |{{tc_dr(ikev2-stroke/rw-eap-mschapv2-id-rsa,IPv4)}} | | |
|EAP_MD5 authentication |{{tc(ikev2-stroke/rw-eap-md5-rsa,IPv4)}} |{{tc_dr(ikev2-stroke/rw-eap-md5-rsa,IPv4)}} | |{{tc(ikev2-stroke/rw-eap-md5-radius,RADIUS)}} |{{tc_dr(ikev2-stroke/rw-eap-md5-radius,RADIUS)}} |
|EAP_MD5 authentication with EAP identity | | |{{tc(ikev2-stroke/rw-eap-md5-id-radius,RADIUS)}} |{{tc_dr(ikev2-stroke/rw-eap-md5-id-radius,RADIUS)}} |
|EAP_TLS authentication |{{tc(ikev2-stroke/rw-eap-tls-only,IPv4)}} |{{tc_dr(ikev2-stroke/rw-eap-tls-only,IPv4)}} | |{{tc(ikev2-stroke/rw-eap-tls-radius,RADIUS)}} |{{tc_dr(ikev2-stroke/rw-eap-tls-radius,RADIUS)}} |
|EAP_TTLS with EAP_MD5 client authentication |{{tc(ikev2-stroke/rw-eap-ttls-only,IPv4)}} |{{tc_dr(ikev2-stroke/rw-eap-ttls-only,IPv4)}} | |{{tc(ikev2-stroke/rw-eap-ttls-radius,RADIUS)}} |{{tc_dr(ikev2-stroke/rw-eap-ttls-radius,RADIUS)}} |
|EAP_PEAP with EAP_MD5 client authentication |{{tc(ikev2-stroke/rw-eap-peap-md5,IPv4)}} |{{tc_dr(ikev2-stroke/rw-eap-peap-md5,IPv4)}} | |{{tc(ikev2-stroke/rw-eap-peap-radius,RADIUS)}} |{{tc_dr(ikev2-stroke/rw-eap-peap-radius,RADIUS)}} |
|EAP_PEAP with EAP_MSCHAPv2 client authentication |{{tc(ikev2-stroke/rw-eap-peap-mschapv2,IPv4)}} |{{tc_dr(ikev2-stroke/rw-eap-peap-mschapv2,IPv4)}} | | |

h2. Remote Access with Virtual IP Addresses

| RAM-based server-side virtual IP pool |{{tc(ikev2-stroke/ip-pool,IPv4)}} |{{tc_dr(ikev2-stroke/ip-pool,IPv4)}} |
| DB-based server-side virtual IP pool |{{tc(ikev2-stroke/ip-pool-db,IPv4)}} |{{tc_dr(ikev2-stroke/ip-pool-db,IPv4)}} |
| Static server-side virtual IP addresses |{{tc(ikev2-stroke/config-payload,IPv4)}} |{{tc_dr(ikev2-stroke/config-payload,IPv4)}} |
| Static client-side virtual IP addresses |{{tc(ikev2-stroke/virtual-ip,IPv4)}} |{{tc_dr(ikev2-stroke/virtual-ip,IPv4)}} |
| Two RAM-based server-side virtual IP pools |{{tc(ikev2-stroke/ip-two-pools,IPv4)}} |{{tc_dr(ikev2-stroke/ip-two-pools,IPv4)}} |
| Two DB-based server-side virtual IP pools |{{tc(ikev2-stroke/ip-two-pools-db,IPv4)}} |{{tc_dr(ikev2-stroke/ip-two-pools-db,IPv4)}} |

h2. Site-to-Site

|RSA authentication with X.509 certificates |{{tc(ikev2-stroke/net2net-cert,IPv4)}} |{{tc_dr(ikev2-stroke/net2net-cert,IPv4)}} |{{tc(ipv6-stroke/net2net-ikev2,IPv6)}} |
|PSK authentication with pre-shared keys |{{tc(ikev2-stroke/net2net-psk,IPv4)}} |{{tc_dr(ikev2-stroke/net2net-psk,IPv4)}} | |
|Connection setup automatically started by daemon |{{tc(ikev2-stroke/net2net-start,IPv4)}} |{{tc_dr(ikev2-stroke/net2net-start,IPv4)}} | |
|Connection setup triggered by data to be tunneled |{{tc(ikev2-stroke/net2net-route,IPv4)}} |{{tc_dr(ikev2-stroke/net2net-route,IPv4)}} | |

h2. Host-to-Host

|IPsec tunnel mode with X.509 certificates |{{tc(ikev2-stroke/host2host-cert,IPv4)}} |{{tc_dr(ikev2-stroke/host2host-cert,IPv4)}} |{{tc(ipv6-stroke/host2host-ikev2,IPv6)}} |
|IPsec transport mode with X.509 certificates |{{tc(ikev2-stroke/host2host-transport,IPv4)}} |{{tc_dr(ikev2-stroke/host2host-transport,IPv4)}} |{{tc(ipv6-stroke/transport-ikev2,IPv6)}} |

h2. IP Protocol and Port Policies

|IPsec tunnel restricted to ICMP and SSH protocols |{{tc(ikev2-stroke/protoport-dual,IPv4)}} |{{tc_dr(ikev2-stroke/protoport-dual,IPv4)}} |

h2. Complete List

{{tc_dr(ikev2-stroke,All IKEv2 legacy test scenarios)}}