Security Features

Step 8: Configure IPSec tunnel to the remote host:

Router1/configure/crypto# ipsec policy Router2 172.16.0.2 Router1/configure/crypto/ipsec/policy Router2 172.16.0.2# match address 10.0.1.0 24 10.0.2.0 24

Default proposal created with priority1-esp-3des-sha1-tunnel and activated.

Router1/configure/crypto/ipsec/policy Router2 172.16.0.2# proposal 1 Router1/configure/crypto/ipsec/policy Router2 172.16.0.2/proposal 1# encryption-algorithm aes256-cbc Router1/configure/crypto/ipsec/policy Router2 172.16.0.2/proposal 1# exit

Router1/configure/crypto/ipsec/policy Router2 172.16.0.2# exit

NOTE: For IPSec only – when you create an outbound tunnel, an inbound tunnel is automatically created. The inbound tunnel applies the name that you provide for the outbound tunnel and adds the prefix “IN” to the name.

Step 9: Display IPSec policies:

Router1# show crypto ipsec policy all

 

Policy

Peer

Match

Proto Transform

------

----

-----

----- ---------

Router2

172.16.0.2

S 10.0.1.0/24/any

Any P1 esp-aes-

sha1-tunl

 

 

 

 

 

 

 

June 2004

© 2004 Foundry Networks, Inc.

15 - 13

Page 237 Page 239
Page 238
Image 238
Foundry Networks AR3202-CL, AR3201-CL, AR1204, AR1216 manual Configure IPSec tunnel to the remote host, Display IPSec policies
Page 237 Page 239
Top Page Image Contents