For IPsec transport mode protected tunnels, include the following:
a GRE tunnel
IPsec parameters:
ike-policy ike-policy-id
ike-transform ike-transform-id
ipsec-transform transform-id
cert-profile profile-name or trust-anchor-profile name (certificate authentication is required)
an ipsec-transport-mode-profile name referenced under the GRE tunnel
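The following are Classic CLI configuration examples. Note that the example ipsec-transport-mode-profile authenticates the peer with a pre-shared-key (displayed in hash2 form) and does not show the cert-profile or trust-anchor-profile listed above, so a certificate-based deployment needs those parameters in addition to what is shown. Key material that appears in configuration output should be handled as sensitive even when it is displayed in hashed form.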
A:v70>config>ipsec# info
----------------------------------------------
ike-transform 1 create
dh-group 20
ike-auth-algorithm auth-encryption
ike-encryption-algorithm aes256-gcm16
ike-prf-algorithm sha384
exit
ike-policy 1 create
ike-version 2
ike-transform 1
exit
ipsec-transform 1 create
esp-auth-algorithm auth-encryption
esp-encryption-algorithm aes256-gcm16
pfs-dh-group 20
exit
ipsec-transport-mode-profile "test" create
dynamic-keying
ike-policy 1
pre-shared-key "KrbVPnF6Dg13PM/biw6ErPl5XU7+" hash2
transform 1
exit
exit
A:v70>config>service>vprn# info
----------------------------------------------
interface "priv" tunnel create
address 44.44.44.1/24
sap tunnel-1.private:100 create
ip-tunnel "t1" create
dest-ip 44.44.44.2
gre-header
source 172.16.100.1
remote-ip 192.168.1.2
delivery-service 300
ipsec-transport-mode-profile "test"
no shutdown
exit
exit
exit