Black Box LR11xx Series Router Configurations Guide

Blackbox/configure> system licenses vpn_plus_firewall

Enter Security Upgrade License key: 024f3bc296b4ea7265

4.2Example 1: Managing the Black Box LR1104A Securely Over an IPSec Tunnel

The following example demonstrates how to manage a Black Box router through an IP security tunnel. Steps are presented for configuring the Black Box1 and Black Box2 routers to assist any host on the LAN side of Black Box-2 to manage the Black Box1 router through the IP security tunnel.

The security requirements are as follows:

„Phase 1: 3DES with SHA1

„Phase 2: IPSec ESP with AES and HMAC-SHA1

Figure 8 Tunnel Mode Between Two Black Box Security Gateways - Multiple Proposals

 

 

172.16.0.1

172.16.0.2

TRUSTED

 

 

 

 

TRUSTED

 

 

 

 

 

 

IPSec ESP

 

 

 

Black Box 1

UNTRUSTED

Black Box 2

Network

Network

 

10.0.2.0/24

 

 

 

10.0.1.0/24

 

 

 

 

Step 1: Configure a WAN bundle of network type untrusted

Black Box1/configure> interface bundle wan1

message: Configuring new bundle

Black Box1/configure/interface/bundle

wan1> link t1 1

Black Box1/configure/interface/bundle

wan1> encapsulation ppp

Black Box1/configure/interface/bundle

wan1> ip address 172.16.0.1 24

Black

Box1/configure/interface/bundle

wan1>

crypto untrusted

Black

Box1/configure/interface/bundle

wan1>

exit

Step 2: Configure the Ethernet interface with trusted network type

Black Box1/configure> interface ethernet 0

message: Configuring existing Ethernet interface

Black Box1/configure interface/ethernet 0> ip address 10.0.1.1 24 Black Box1/configure/interface/ethernet 0> crypto trusted

Black Box1/configure/interface/ethernet 0> exit

Step 3: Display the crypto interfaces

24

Page 22
Image 22
Black Box LR1104A-T1/E1, LR1112A-T1/E1, LR1114A-T1/E1, LR1102A-T1/E1 manual Display the crypto interfaces