Security Features
June 2004 © 2004 Foundry Networks, Inc. 15 - 21
Step 5: Configure IKE to the peer gateway:
Step 6: Display the IKE policies:
Step 7: Display the IKE policies in detail:
Router1/configure# crypto
Router1/configure/crypto# ike policy Router2 172.16.0.2
Router1/configure/crypto/ike/policy Router2 172.16.0.2# local-
address 172.16.0.1
message: Default proposal created with priority1-des-sha1-
pre_shared-g1
message: Key String has to be configured by the user
Router1/configure/crypto/ike/policy Router2 172.16.0.2# key
secretkey
Router1/configure/crypto/ike/policy Router2 172.16.0.2# proposal 1
Router1/configure/crypto/ike/policy Router2 172.16.0.2/proposal 1#
encryption-al
gorithm 3des-cbc
Router1/configure/crypto/ike/policy Router2 172.16.0.2/proposal 1#
exit
Router1/configure/crypto/ike/policy Router2 172.16.0.2# exit
Router1# show crypto ike policy all
Policy Peer Mode Transform
------ ---- ---- ---------
Router2 172.16.0.2 Main P1 pre-g1-3des-sha1
Router1# show crypto ike policy all detail
Policy name Router2, Local addr 172.16.0.1, Peer addr 172.16.0.2
Main mode, Response and Initiate, PFS is not enabled, Shared Key is
*****
Local ident 172.16.0.1 (ip-address), Remote Ident 172.16.0.2 (ip-
address)
Proposal of priority 1
Encryption algorithm: 3des
Hash Algorithm: sha1
Authentication Mode: pre-shared-key
DH Group: group1
Lifetime in seconds: 86400
Lifetime in kilobytes: unlimited