Security Features

Step 5: Configure IKE to the peer gateway:

Router1/configure# crypto

Router1/configure/crypto# ike policy Router2 172.16.0.2 Router1/configure/crypto/ike/policy Router2 172.16.0.2# local- address 172.16.0.1

message: Default proposal created with priority1-des-sha1- pre_shared-g1

message: Key String has to be configured by the user Router1/configure/crypto/ike/policy Router2 172.16.0.2# key secretkey

Router1/configure/crypto/ike/policy Router2 172.16.0.2# proposal 1 Router1/configure/crypto/ike/policy Router2 172.16.0.2/proposal 1# encryption-al

gorithm 3des-cbc

Router1/configure/crypto/ike/policy Router2 172.16.0.2/proposal 1# exit

Router1/configure/crypto/ike/policy Router2 172.16.0.2# exit

Step 6: Display the IKE policies:

Router1# show crypto ike policy all

 

Policy

Peer

Mode

Transform

------

----

----

---------

Router2

172.16.0.2

Main

P1 pre-g1-3des-sha1

Step 7: Display the IKE policies in detail:

Router1# show crypto ike policy all detail

Policy name Router2, Local addr 172.16.0.1, Peer addr 172.16.0.2 Main mode, Response and Initiate, PFS is not enabled, Shared Key is

*****

Local ident 172.16.0.1 (ip-address), Remote Ident 172.16.0.2 (ip- address)

Proposal of priority 1

Encryption algorithm: 3des

Hash Algorithm: sha1

Authentication Mode: pre-shared-key

DH Group: group1

Lifetime in seconds: 86400

Lifetime in kilobytes: unlimited

June 2004

© 2004 Foundry Networks, Inc.

15 - 21

Page 245 Page 247
Page 246
Image 246
Foundry Networks AR3202-CL, AR3201-CL, AR1204, AR1216, AR1208 manual Configure IKE to the peer gateway
Page 245 Page 247
Top Page Image Contents