Foundry AR-Series Router User Guide

Step 8: Configure IPSec tunnel to the remote host:

Router1/configure/crypto# ipsec policy Router2 172.16.0.2
Router1/configure/crypto/ipsec/policy Router2 172.16.0.2# match address 10.0.1.0 24 10.0.2.0 24
Default proposal created with priority1-esp-3des-sha1-tunnel and activated.
Router1/configure/crypto/ipsec/policy Router2 172.16.0.2# proposal 1
Router1/configure/crypto/ipsec/policy Router2 172.16.0.2/proposal 1# encryption-algorithm des-cbc
Router1/configure/crypto/ipsec/policy Router2 172.16.0.2/proposal 1# exit
Router1/configure/crypto/ipsec/policy Router2 172.16.0.2# proposal 2
Proposal added with priority2-esp-3des-sha1-tunnel.
Router1/configure/crypto/ipsec/policy Router2 172.16.0.2/proposal 2# encryption-algorithm aes256-cbc
Router1/configure/crypto/ipsec/policy Router2 172.16.0.2/proposal 2# exit
Router1/configure/crypto/ipsec/policy Router2 172.16.0.2# exit
Router1/configure/crypto# exit
Router1/configure#

NOTE: For IPSec only – when you create an outbound tunnel, an inbound tunnel is automatically created. The inbound tunnel applies the name that you provide for the outbound tunnel and adds the prefix “IN” to the name.

Step 9: Display the IPSec policies:

Router1# show crypto ipsec policy all

 

 

Policy    Peer         Match               Proto   Transform
------    ----         -----               -----   ---------
Router2   172.16.0.2   S 10.0.1.0/24/any   Any     P1 esp-des-sha1-tunl
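Proposal 1 in Step 8 replaces the default 3DES with DES, whose 56-bit key is weak by current standards, so the Step 9 output is worth checking for it. The Python below is an added example, not part of the Foundry guide: it parses the table layout shown above and rates each proposal's cipher. The column layout is assumed from the single row on the page, and the continuation row and the name esp-aes256-sha1-tunl in the sample are constructed.

```python
import re

# Constructed sample: the first data row is the one shown on the page; the
# continuation row (destination match, P2 transform name) is an assumption.
SAMPLE = """\
Policy    Peer         Match               Proto   Transform
------    ----         -----               -----   ---------
Router2   172.16.0.2   S 10.0.1.0/24/any   Any     P1 esp-des-sha1-tunl
                       D 10.0.2.0/24/any           P2 esp-aes256-sha1-tunl
"""

ROW = re.compile(r"^(\S+)\s+(\d{1,3}(?:\.\d{1,3}){3})\s")  # policy name + peer IP
TRANSFORM = re.compile(r"\bP(\d+)\s+((?:esp|ah)-\S+)")      # e.g. "P1 esp-des-sha1-tunl"
# Exact cipher tokens, so "3des" is never mistaken for "des".
RATING = {"des": "weak", "3des": "legacy"}


def parse_policies(text):
    """Return [{'policy', 'peer', 'proposals': [(priority, transform)]}]."""
    policies = []
    for line in text.splitlines():
        if not line.strip() or set(line.strip()) <= set("- "):
            continue  # blank line or the dashed separator row
        head = ROW.match(line)
        if head:
            policies.append({"policy": head.group(1), "peer": head.group(2),
                             "proposals": []})
        found = TRANSFORM.search(line)
        if found and policies:  # continuation rows attach to the last policy
            policies[-1]["proposals"].append((int(found.group(1)), found.group(2)))
    return policies


def audit(text):
    """Return (policy, priority, transform, rating) for each DES or 3DES proposal."""
    findings = []
    for pol in parse_policies(text):
        for prio, transform in pol["proposals"]:
            cipher = transform.split("-")[1]  # second token: des, 3des, aes256, ...
            if cipher in RATING:
                findings.append((pol["policy"], prio, transform, RATING[cipher]))
    return findings


if __name__ == "__main__":
    for policy, prio, transform, rating in audit(SAMPLE):
        print(f"{policy}: proposal {prio} uses {transform} ({rating})")
```

Because a lower priority number is offered first, a DES finding at priority 1 means the weak cipher is the preferred proposal, not a fallback.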

© 2004 Foundry Networks, Inc.

June 2004

Foundry Networks AR3201-CL, AR3202-CL, AR1204, AR1216, AR1208 manual Configure IPSec tunnel to the remote host