Foundry AR-Series Router User Guide
15 - 10 © 2004 Foundry Networks, Inc. June 2004
Example 2: Joining Two Private Networks with an IP Security Tunnel
The following example demonstrates how to form an IP security tunnel to join two private networks: 10.0.1.0/24
and 10.0.2.0/24. The security requirements are as follows:
Phase 1: 3DES with SHA1
Phase 2: IPSec ESP with AES (256-bit) and HMAC-SHA1
Router1# show crypto ipsec sa all detail
Crypto Policy name: INRouter2
Protocol is Any
Local ident(ip/mask/port): (10.0.2.0/255.255.255.0/any)
Remote ident(ip/mask/port): (172.16.0.1/255.255.255.255/any)
Peer Address is 172.16.0.1, PFS Group is disabled
inbound ESP sas
Spi: 0xe8453c2b
Transform: aes128 (key length=128 bits), sha1
In use settings = {tunnel}
Bytes Processed 256
Hard lifetime in seconds 3290, Hard lifetime in kilobytes 413696
Soft lifetime in seconds 0, Soft lifetime in kilobytes is unlimited
Crypto Policy name: Router2
Protocol is Any
Local ident(ip/mask/port): (172.16.0.1/255.255.255.255/any)
Remote ident(ip/mask/port): (10.0.2.0/255.255.255.0/any)
Peer Address is 172.16.0.2, PFS Group is disabled
outbound ESP sas
Spi: 0xa1f673aa
Transform: aes128 (key length=128 bits), sha1
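One way to check `show crypto ipsec sa all detail` output against a stated Phase 2 requirement such as the one in Example 2 (AES 256-bit with HMAC-SHA1). This is an added example, not code from the Foundry guide; the names `parse_sas` and `audit` and their thresholds are assumptions, and the sample text is constructed from the output lines shown above.

```python
import re

# Constructed sample: lines copied from the show output above, trimmed to
# the fields this check reads.
SAMPLE = """\
Crypto Policy name: INRouter2
Peer Address is 172.16.0.1, PFS Group is disabled
inbound ESP sas
Spi: 0xe8453c2b
Transform: aes128 (key length=128 bits), sha1
Crypto Policy name: Router2
Peer Address is 172.16.0.2, PFS Group is disabled
outbound ESP sas
Spi: 0xa1f673aa
Transform: aes128 (key length=128 bits), sha1
"""

FIELDS = {  # field name -> pattern for the line that carries it
    "policy": re.compile(r"^Crypto Policy name:\s*(\S+)"),
    "peer": re.compile(r"^Peer Address is ([\d.]+),"),
    "direction": re.compile(r"^(inbound|outbound) ESP sas"),
    "spi": re.compile(r"^Spi:\s*(0x[0-9a-fA-F]+)"),
}
TRANSFORM = re.compile(r"^Transform:\s*(\w+) \(key length=(\d+) bits\),\s*(\w+)")

def parse_sas(text):
    """Return one dict per SA; an SA is emitted when its Transform line is seen."""
    sas, cur = [], {}
    for line in (raw.strip() for raw in text.splitlines()):
        if m := TRANSFORM.match(line):
            sas.append({**cur, "cipher": m.group(1),
                        "key_bits": int(m.group(2)), "auth": m.group(3)})
        for name, pattern in FIELDS.items():
            if m := pattern.match(line):
                if name == "policy":
                    cur = {}  # new policy block: drop fields of the previous one
                cur[name] = m.group(1)
    return sas

def audit(sas, cipher="aes", min_key_bits=256, auth="sha1"):
    """Return (policy, spi, reason) for each SA that misses the required transform."""
    findings = []
    for sa in sas:
        where = (sa.get("policy"), sa.get("spi"))
        if not sa["cipher"].startswith(cipher) or sa["key_bits"] < min_key_bits:
            findings.append((*where, f"{sa['cipher']}/{sa['key_bits']} bits, need {cipher} >= {min_key_bits}"))
        if sa["auth"] != auth:
            findings.append((*where, f"auth {sa['auth']}, need {auth}"))
    return findings
```

Run on the sample, `audit(parse_sas(SAMPLE))` returns one finding per SA, because both report aes128 with a 128-bit key.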