Security Features

Step16: Repeat steps 1 -15 with suitable modifications on Router2 prior to passing bi- directional traffic.

Step 17: Test the IPSec tunnel between Router1 and Router2 by passing traffic from the 10.0.1.0 network to the 10.0.2.0 network.

Step 18: After traffic is passed through the tunnel, display the IKE and IPSec SA tables.

Router1# show crypto ike sa all

 

 

Policy

Peer

State

Bytes

Transform

------

----

-----

-----

---------

Router2

172.16.0.2

SA_MATURE

1796

pre-g1-3des-sha1

 

 

 

 

 

Router1# show crypto ike sa all detail

Crypto Policy name: Router2

Remote ident 172.16.0.2

Peer Address is 172.16.0.2

Transform: 3des, sha1, pre-shared-key

DH Group: group1

Bytes Processed 1796

State is SA_MATURE

Mode is Main

Remaining Time in Sec: 86380

Life Time in Sec: 86400, Life Time in Bytes is unlimited

Router1# show crypto ipsec sa all

 

 

Policy

Dest IP

Spi

Bytes

Transform

------

-------

---

-----

---------

INRouter2

172.16.0.1

0x8eabe4b3

256

esp-aes-sha1-tunl

Router2

172.16.0.2

0xa9a506f9

256

esp-aes-sha1-tunl

 

 

 

 

 

June 2004

© 2004 Foundry Networks, Inc.

15 - 27

Page 251 Page 253
Page 252
Image 252
Foundry Networks AR3202-CL, AR3201-CL, AR1204, AR1216, AR1208 manual Samature
Page 251 Page 253
Top Page Image Contents