Foundry AR-Series Router User Guide

Router1# show crypto ipsec sa all detail

Crypto Policy name: INRouter2 Protocol is Any

Local ident(ip/mask/port): (10.0.2.0/255.255.255.0/any)

Remote ident(ip/mask/port): (172.16.0.1/255.255.255.255/any) Peer Address is 172.16.0.1, PFS Group is disabled

inbound ESP sas

Spi: 0xe8453c2b

Transform: aes128 (key length=128 bits), sha1 In use settings = {tunnel}

Bytes Processed 256

Hard lifetime in seconds 3290, Hard lifetime in kilobytes 413696

Soft lifetime in seconds 0, Soft lifetime in kilobytes is unlimited

Crypto Policy name: Router2 Protocol is Any

Local ident(ip/mask/port): (172.16.0.1/255.255.255.255/any)

Remote ident(ip/mask/port): (10.0.2.0/255.255.255.0/any) Peer Address is 172.16.0.2, PFS Group is disabled

outbound ESP sas

Spi: 0xa1f673aa

Transform: aes128 (key length=128 bits), sha1
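
As an added example (not part of the Foundry guide), the following Python script parses output in the format shown above and compares each SA's transform with a required phase 2 policy. The function names and the embedded sample are constructed for illustration, and it assumes that other ciphers are printed in the same `Transform:` line format.

```python
import re

# Constructed sample: the SA listing on this page, abridged (counters and lifetimes omitted).
SAMPLE = """\
Crypto Policy name: INRouter2 Protocol is Any
Local ident(ip/mask/port): (10.0.2.0/255.255.255.0/any)
Remote ident(ip/mask/port): (172.16.0.1/255.255.255.255/any) Peer Address is 172.16.0.1, PFS Group is disabled
inbound ESP sas
Spi: 0xe8453c2b
Transform: aes128 (key length=128 bits), sha1 In use settings = {tunnel}
Crypto Policy name: Router2 Protocol is Any
Local ident(ip/mask/port): (172.16.0.1/255.255.255.255/any)
Remote ident(ip/mask/port): (10.0.2.0/255.255.255.0/any) Peer Address is 172.16.0.2, PFS Group is disabled
outbound ESP sas
Spi: 0xa1f673aa
Transform: aes128 (key length=128 bits), sha1
"""

def parse_sas(text):
    """Return one dict per SA found in `show crypto ipsec sa all detail` output."""
    sas, policy, peer, pfs, direction, spi = [], None, None, None, None, None
    for line in text.splitlines():
        if m := re.search(r"Crypto Policy name:\s*(\S+)", line):
            policy = m.group(1)
        if m := re.search(r"Peer Address is (\S+), PFS Group is (\S+)", line):
            peer, pfs = m.group(1), m.group(2)
        if m := re.match(r"\s*(inbound|outbound) ESP sas", line):
            direction = m.group(1)
        if m := re.search(r"Spi:\s*(0x[0-9a-fA-F]+)", line):
            spi = m.group(1)
        if m := re.search(r"Transform:\s*(\w+) \(key length=(\d+) bits\), (\w+)", line):
            sas.append({"policy": policy, "peer": peer, "pfs": pfs, "direction": direction,
                        "spi": spi, "cipher": m.group(1), "key_bits": int(m.group(2)),
                        "auth": m.group(3)})
    return sas

def audit(sas, min_key_bits, auth, require_pfs=False):
    """List deviations of each SA from the required phase 2 settings."""
    findings = []
    for sa in sas:
        tag = f"{sa['policy']}/{sa['direction']}/{sa['spi']}"
        if sa["key_bits"] < min_key_bits:
            findings.append(f"{tag}: key length {sa['key_bits']} < {min_key_bits}")
        if sa["auth"] != auth:
            findings.append(f"{tag}: auth {sa['auth']} != {auth}")
        if require_pfs and sa["pfs"] == "disabled":
            findings.append(f"{tag}: PFS disabled")
    return findings
```

Calling `audit(parse_sas(SAMPLE), 256, "sha1")` reports both SAs above, because they were negotiated with 128-bit AES.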

Example 2: Joining Two Private Networks with an IP Security Tunnel

The following example demonstrates how to form an IP security tunnel to join two private networks: 10.0.1.0/24 and 10.0.2.0/24. The security requirements are as follows:

Phase 1: 3DES with SHA1

Phase 2: IPSec ESP with AES (256-bit) and HMAC-SHA1


© 2004 Foundry Networks, Inc.

June 2004
