Security Features
Router1# show crypto ipsec policy all detail
Policy name Router2 is enabled, Direction is outbound
Peer Address is 172.16.0.2, Action is Apply
Key Management is Automatic
PFS Group is disabled
Match Address:
Protocol is Any
Source ip address (ip/mask/port): (10.0.1.0/255.255.255.0/any)
Destination ip address (ip/mask/port): (10.0.2.0/255.255.255.0/any)
Proposal of priority 1
Protocol: esp
Mode: tunnel
Encryption Algorithm: des
Hash Algorithm: sha1
Lifetime in seconds: 3600
Lifetime in Kilobytes: 4608000
Proposal of priority 2
Protocol: esp
Mode: tunnel
Encryption Algorithm: aes256(key length=256 bits)
Hash Algorithm: sha1
Lifetime in seconds: 3600
Lifetime in Kilobytes: 4608000
Policy name INRouter2 is enabled, Direction is inbound
Peer Address is 172.16.0.2, Action is Apply
Key Management is Automatic
PFS Group is disabled
Match Address:
Protocol is Any
Source ip address (ip/mask/port): (10.0.2.0/255.255.255.0/any)
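An added example, not part of the original manual: a Python check that parses output in the format shown above and reports the settings a reviewer would question, here the DES proposal at priority 1 and the disabled PFS group. The function name `audit` and the weak-algorithm sets are assumptions chosen for illustration, and the sample text is constructed from the outbound policy above.

```python
import re

# Constructed sample: the outbound policy from the output above, abbreviated
# to the fields this check reads.
SAMPLE = """\
Policy name Router2 is enabled, Direction is outbound
Peer Address is 172.16.0.2, Action is Apply
Key Management is Automatic
PFS Group is disabled
Proposal of priority 1
Encryption Algorithm: des
Hash Algorithm: sha1
Proposal of priority 2
Encryption Algorithm: aes256(key length=256 bits)
Hash Algorithm: sha1
"""

# Assumption: a local review policy, not a list taken from the vendor manual.
WEAK_ENCRYPTION = {"des", "null"}
WEAK_HASH = {"md5"}

def audit(text):
    """Return (policy, proposal priority or None, finding) tuples."""
    findings, policy, prio = [], None, None
    for line in text.splitlines():
        # re.search (not re.match) so a field is still found when it is
        # not at the start of the line.
        if m := re.search(r"Policy name (\S+) is", line):
            policy, prio = m.group(1), None
        elif m := re.search(r"PFS Group is (\S+)", line):
            if m.group(1) == "disabled":
                findings.append((policy, None, "PFS disabled"))
        elif m := re.search(r"Proposal of priority (\d+)", line):
            prio = int(m.group(1))
        elif m := re.search(r"Encryption Algorithm: (\w+)", line):
            if m.group(1).lower() in WEAK_ENCRYPTION:
                findings.append((policy, prio, "weak encryption: " + m.group(1)))
        elif m := re.search(r"Hash Algorithm: (\w+)", line):
            if m.group(1).lower() in WEAK_HASH:
                findings.append((policy, prio, "weak hash: " + m.group(1)))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Because the DES proposal has priority 1, it is the first one offered to the peer; the AES-256 proposal at priority 2 passes the check.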
Step 10: Configure firewall policies to allow IKE negotiation through the untrusted interface (applicable only if the firewall license is also enabled):
Router1/configure# firewall internet
Router1/configure/firewall internet# policy 1000 in service ike self
Router1/configure/firewall internet/policy 1000 in# exit
Router1/configure/firewall internet# exit
June 2004 | © 2004 Foundry Networks, Inc. | 15 - 23 |