Foundry AR-Series Router User Guide

Step17: Repeat steps 1 -16 with suitable modifications on Router2 prior to passing traffic.

Step 18: Test the IPSec tunnel between Router1 and Router2 by passing traffic from the 10.0.1.0 to the 10.0.2.0 network.

Step 19: After transit traffic is passed through the tunnel, display the IKE and IPSec SA tables.

Router1# show crypto ike sa all

 

 

Policy

Peer

State

Bytes

Transform

------

----

-----

-----

---------

Router2

172.16.0.2

SA_MATURE

1796

pre-g1-3des-sha1

 

 

 

 

 

Router1# show crypto ike sa all detail

Crypto Policy name: Router2

Remote ident 172.16.0.2

Peer Address is 172.16.0.2

Transform: 3des, sha1, pre-shared-key

DH Group: group1

Bytes Processed 1796

State is SA_MATURE

Mode is Main

Remaining Time in Sec: 86376

Life Time in Sec: 86400, Life Time in Bytes is unlimited

Router1# show crypto ipsec sa all

 

 

Policy

Dest IP

Spi

Bytes

Transform

------

-------

---

-----

---------

INRouter2

172.16.0.1

0xd603a513

256

esp-aes-sha1-tunl

Router2

172.16.0.2

0xb013de87

256

esp-aes-sha1-tunl

 

 

 

 

 

15 - 18

© 2004 Foundry Networks, Inc.

June 2004

Page 242 Page 244
Page 243
Image 243
Foundry Networks AR3202-CL, AR3201-CL, AR1204, AR1216, AR1208 manual Samature
Page 242 Page 244
Top Page Image Contents