Black Box LR1102A-T1/E1 Example 2 Single Proposal Tun, Configure IPSec tunnel to the remote host

Models: LR1102A-T1/E1 LR1112A-T1/E1 LR1104A-T1/E1 LR1114A-T1/E1


Example 2: Single Proposal: Tun-

Black Box1/configure/interface/bundle wan1> link t1 1

Black Box1/configure/interface/bundle wan1> encapsulation ppp

Black Box1/configure/interface/bundle wan1> ip address 172.16.0.1 24

Black Box1/configure/interface/bundle wan1> crypto untrusted

Black Box1/configure/interface/bundle wan1> exit

Step 2: Configure the Ethernet interface with trusted network type

Black Box1/configure> interface ethernet 0

message: Configuring existing Ethernet interface

Black Box1/configure/interface/ethernet 0> ip address 10.0.1.1 24

Black Box1/configure/interface/ethernet 0> crypto trusted

Black Box1/configure/interface/ethernet 0> exit

Step 3: Display the crypto interfaces

Blackbox> show crypto interfaces

Interface    Network
Name         Type
---------    -------
wan1         Untrusted
ethernet0    trusted

Blackbox>

Step 4: Add route to peer LAN

Black Box1/configure> ip route 10.0.2.0 24 wan1

Step 5: Configure IKE to the peer gateway

Black Box1/configure> crypto ike policy Black Box2 172.16.0.2

Black Box1/configure/crypto/ike/policy Black Box2 172.16.0.2> local-address 172.16.0.1

message: Default proposal created with priority1-des-sha1-pre_shared-g1.

message: Key String has to be configured by the user.

Black Box1/configure/crypto/ike/policy Black Box2 172.16.0.2> key secretkey

Black Box1/configure/crypto/ike/policy Black Box2 172.16.0.2> proposal 1

Black Box1/configure/crypto/ike/policy Black Box2 172.16.0.2/proposal 1> encryption-algorithm 3des-cbc

Black Box1/configure/crypto/ike/policy Black Box2 172.16.0.2/proposal 1> exit

Black Box1/configure/crypto/ike/policy Black Box2 172.16.0.2> exit

Black Box1/configure/crypto> exit

Black Box1/configure>

Step 6: Display IKE policies

Blackbox> show crypto ike policy all

Policy       Peer          Mode    Transform
------       ----          ----    ---------
Black Box    172.14.0.2    Main    P1 pre-g1-3des-sha

Blackbox>
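
The transform strings shown in Steps 5 and 6 can be reviewed offline before the tunnel goes into service. The Python sketch below is an added example, not part of the Black Box manual or the router software: it parses the two string forms that appear on this page and flags parameters that are weak by general cryptographic standards. The function names and the findings table are assumptions of the example.

```python
import re

# Token spellings taken from the two strings shown on this page:
#   "priority1-des-sha1-pre_shared-g1"  (default-proposal message, Step 5)
#   "P1 pre-g1-3des-sha"                (show crypto ike policy all, Step 6)
ALIASES = {"pre": "pre_shared", "sha": "sha1"}
FIELDS = {"des": "encryption", "3des": "encryption",
          "sha1": "hash", "pre_shared": "auth"}

# General cryptographic assessments (assumption of this example),
# not statements taken from the manual.
FINDINGS = {
    ("encryption", "des"): "DES has a 56-bit key and is brute-forceable",
    ("encryption", "3des"): "3DES has a 64-bit block and is deprecated",
    ("dh_group", "g1"): "DH group 1 is a 768-bit MODP group, too small",
}

def parse_transform(text):
    """Split a transform string into named fields, in any token order."""
    out = {"unknown": []}
    for tok in re.split(r"[\s-]+", text.strip().lower()):
        tok = ALIASES.get(tok, tok)
        m = re.fullmatch(r"(?:p|priority)(\d+)", tok)
        if m:
            out["priority"] = int(m.group(1))
        elif re.fullmatch(r"g\d+", tok):
            out["dh_group"] = tok
        elif tok in FIELDS:
            out[FIELDS[tok]] = tok
        elif tok:
            # Anything not seen on this page is reported, never guessed at.
            out["unknown"].append(tok)
    return out

def audit(text):
    """Return findings for one transform string, including unknown tokens."""
    p = parse_transform(text)
    notes = [msg for (field, val), msg in FINDINGS.items()
             if p.get(field) == val]
    notes += [f"unrecognized token: {t}" for t in p["unknown"]]
    return notes

if __name__ == "__main__":
    for s in ("priority1-des-sha1-pre_shared-g1", "P1 pre-g1-3des-sha"):
        print(s, "->", parse_transform(s))
        for n in audit(s):
            print("   !", n)
```

Both strings on this page are flagged for DH group 1; changing the encryption algorithm in Step 5 replaces the DES finding with the 3DES one.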

Step 7: Configure IPSec tunnel to the remote host

Black Box1/configure/crypto> ipsec policy Black Box2 172.16.0.2

Black Box1/configure/crypto/ipsec/policy Black Box2 172.16.0.2> match address 10.0.1.0 24 10.0.2.0 24

NOTE
