IPSec Remote Access User

Figure 28 User Group Remote Access Configuration

[Figure: VPN Client 2 (Local Outer Address: Dynamic; Local ID: e-mail address) connecting to VPN Server Black Box #1 (Local Outer Address: 172.16.0.1)]

To create the user group configuration enter:

Blackbox>configure term

Blackbox/configure>interface bundle wan

Blackbox/configure/interface/bundle wan>link t1 1-2

Blackbox/configure/interface/bundle wan>ip address 172.16.0.1 32¹

Blackbox/configure/interface/bundle wan>crypto internet

To configure the IKE policy for negotiating with the remote VPN client needing access (note that the IKE and IPSec policies for the management (self) tunnel need to be defined in the “Self” map):

Blackbox/configure>crypto Self

Blackbox/configure/crypto>dynamic

Blackbox/configure/crypto/dynamic>ike policy admin user-group

Blackbox/configure/crypto/dynamic/ike/policy admin>local-address 172.16.0.1

Blackbox/configure/crypto/dynamic/ike/policy admin>remote-id email-id sampledata Black Boxuser

Blackbox/configure/crypto/dynamic/ike/policy admin>key pskforadminuser

Blackbox/configure/crypto/dynamic/ike/policy admin>proposal 1

Blackbox/configure/crypto/dynamic/ike/policy admin/proposal 1>encryption-algorithm 3des-cbc

Blackbox/configure/crypto/dynamic/ike/policy admin/proposal 1>client authentication radius

To configure the IPSec policy for negotiating with the VPN client needing access to the security gateway:

Blackbox/configure/crypto/dynamic>ipsec policy admin user-group

Blackbox/configure/crypto/dynamic/ipsec/policy admin>match address 172.16.0.1 32

Blackbox/configure/crypto/dynamic/ipsec/policy admin>proposal 1

Blackbox/configure/crypto/dynamic/ipsec/policy admin/proposal 1>encryption-algorithm aes128-cbc
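
The crypto settings entered above can be reviewed before deployment. The following Python audit is an added example, not part of the Black Box manual: it parses a prompt-prefixed transcript in the format shown above and reports the IKE and IPSec settings worth a second look. The flagged-cipher list and the 20-character key threshold are assumptions of this example, not device rules.

```python
# Constructed sample: the crypto commands from the transcript above, one per line.
TRANSCRIPT = """\
Blackbox/configure/crypto/dynamic>ike policy admin user-group
Blackbox/configure/crypto/dynamic/ike/policy admin>local-address 172.16.0.1
Blackbox/configure/crypto/dynamic/ike/policy admin>key pskforadminuser
Blackbox/configure/crypto/dynamic/ike/policy admin>proposal 1
Blackbox/configure/crypto/dynamic/ike/policy admin/proposal 1>encryption-algorithm 3des-cbc
Blackbox/configure/crypto/dynamic/ike/policy admin/proposal 1>client authentication radius
Blackbox/configure/crypto/dynamic>ipsec policy admin user-group
Blackbox/configure/crypto/dynamic/ipsec/policy admin>match address 172.16.0.1 32
Blackbox/configure/crypto/dynamic/ipsec/policy admin>proposal 1
Blackbox/configure/crypto/dynamic/ipsec/policy admin/proposal 1>encryption-algorithm aes128-cbc
"""

WEAK_CIPHERS = {"3des-cbc"}  # assumption: value from the transcript; extend as needed
MIN_KEY_LEN = 20             # assumption: review threshold for a shared group key

def parse(transcript):
    """Yield (context, command) pairs from 'prompt>command' lines."""
    for line in transcript.splitlines():
        prompt, sep, command = line.partition(">")
        if sep and command.strip():
            # Drop the hostname; the rest of the prompt is the config context.
            yield prompt.split("/", 1)[-1].strip(), command.strip()

def audit(transcript):
    """Return a list of (context, finding) tuples for settings to review."""
    findings, ciphers = [], {}
    for ctx, cmd in parse(transcript):
        words = cmd.split()
        layer = "ike" if "/ike/" in ctx else "ipsec" if "/ipsec/" in ctx else None
        if words[0] == "encryption-algorithm" and len(words) > 1:
            ciphers[layer] = words[1]
            if words[1] in WEAK_CIPHERS:
                findings.append((ctx, f"{words[1]} uses a 64-bit block cipher; prefer an AES option"))
        elif words[0] == "key" and len(words) > 1:
            key = words[1]
            if len(key) < MIN_KEY_LEN or key.isalpha():
                findings.append((ctx, "pre-shared key is short or letters only"))
    if ciphers.get("ike") in WEAK_CIPHERS and ciphers.get("ipsec") not in WEAK_CIPHERS:
        findings.append(("ike vs ipsec", "IKE proposal uses a weaker cipher than the IPSec proposal"))
    return findings

if __name__ == "__main__":
    for ctx, finding in audit(TRANSCRIPT):
        print(f"[{ctx}] {finding}")
```

Run against the sample, the audit reports the manual's example key, the 3des-cbc IKE proposal, and the mismatch between the IKE and IPSec cipher choices.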

1. error message saying Bundle is not yet encapped.

Black Box LR1114A-T1/E1, LR1112A-T1/E1, LR1104A-T1/E1, LR1102A-T1/E1 manual IPSec Remote Access User, Black Box #1