Display the IKE policies | Foundry Networks AR1208, AR3202-CL, AR3201-CL

Security Features

Step 6: Display the IKE policies:

Router1# show crypto ike policy all
Policy	Peer	Mode	Transform
------	----	----	---------
Router2	172.16.0.2	Main	P1 pre-g1-3des-sha1

Step 7: Display the IKE policies in detail:

Router1# show crypto ike policy all detail

Policy name Router2, Local addr 172.16.0.1, Peer addr 172.16.0.2 Main mode, Response and Initiate, PFS is not enabled, Shared Key is

*****

Local ident 172.16.0.1 (ip-address), Remote Ident 172.16.0.2 (ip- address)

Proposal of priority 1

Encryption algorithm: 3des

Hash Algorithm: sha1

Authentication Mode: pre-shared-key

DH Group: group1

Lifetime in seconds: 86400

Lifetime in kilobytes: unlimited

Step 8: Configure the IPSec tunnel to the remote host:

Router1/configure/crypto# ipsec policy Router2 172.16.0.2 Router1/configure/crypto/ipsec policy Router2 172.16.0.2# match address 172.16.0.1 32 10.0.2.0 24

message: Default proposal created with priority1-esp-3des-sha1-tunnel and activated.

Router1/configure/crypto# ipsec policy Router2 172.16.0.2# proposal 1

Router1/configure/crypto# ipsec policy Router2 172.16.0.2/proposal 1# encryption-algorithm aes128-cbc Router1/configure/crypto# ipsec policy Router2 172.16.0.2/proposal 1# exit

Router1/configure/crypto# ipsec policy Router2 172.16.0.2# exit

NOTE: For IPSec only – when you create an outbound tunnel, an inbound tunnel is automatically created. The inbound tunnel applies the name that you provide for the outbound tunnel and adds the prefix “IN” to the name.

June 2004

15 - 5

Foundry Networks AR1208, AR3202-CL, AR3201-CL, AR1204, AR1216 Display the IKE policies in detail

Models: AR1208 AR1216 AR3202-CL AR3202 AR3201-CL AR3201 AR1204

Step 6: Display the IKE policies:

Step 7: Display the IKE policies in detail:

Step 8: Configure the IPSec tunnel to the remote host: