Black Box LR11xx Series Router Configurations Guide

Black Box1> show crypto dynamic ike policy all

 

Policy

Remote-id

Mode

Transform

Address-Pool

------

---------

----

---------

------------

sales

U david@BlackBox... Aggressive P1 pre-g1-3des-sha1 1 S 20.1.1.100

E20.1.1.150

Step 6: Display dynamic IKE policies in detail

Black Box1> show crypto dynamic ike policy all detail

Policy name sales, Modeconfig group

Aggressive mode, Response Only, PFS is not enabled, Shared Key is *****

Local addr: 192.168.55.52, Local ident 192.168.55.52 (ip-address)

Remote idents are david@Blackbox.com (email-id), mike@Blackbox.com (email-id) Address Pool:

Pool# 1: 20.1.1.100 to 20.1.1.150

Proposal of priority 1

Encryption algorithm: 3des

Hash Algorithm: sha1

Authentication Mode: pre-shared-key

DH Group: group1

Lifetime in seconds: 86400

Lifetime in kilobytes: unlimited

Step 7: Configure dynamic IPSec policy for a group of mobile users

Black Box1/configure/crypto>

Black Box1/configure/crypto> dynamic

Black Box1/configure/crypto/dynamic> ipsec policy sales modecfg-group

Black Box1/configure/crypto/dynamic/ipsec/policy sales> match address 10.0.1.0 24 Black Box1/configure/crypto/dynamic/ipsec/policy sales> proposal 1

Black Box1/configure/crypto/dynamic/ipsec/policy sales/proposal 1> encryption-algorithm aes256-cbc

Black Box1/configure/crypto/dynamic/ipsec/policy sales/proposal 1> exit Black Box1/configure/crypto/dynamic/ipsec/policy sales> exit

Black Box1/configure/crypto/dynamic> exit

Step 8: Display dynamic IPSec policies

Black Box1> show crypto dynamic ipsec policy all

Policy

Match

Proto

Transform

------

-----

-----

---------

sales

S 10.0.1.0/24/any

Any

P1 esp-aes-sha1-tunl

 

D any/any/any

 

 

Step 9: Display dynamic IPSec policies in detail

42

Page 39 Page 41
Page 40
Image 40
Black Box LR1112A-T1/E1, LR1114A-T1/E1, LR1104A-T1/E1, LR1102A-T1/E1 manual Display dynamic IKE policies in detail
Page 39 Page 41
Top Page Image Contents