Foundry AR-Series Router User Guide

Step 3: Display the crypto interfaces:

Router1# show crypto interfaces

Interface

Network

Name

Type

---------

-------

ethernet0

trusted

wan1

untrusted

Step 4: Configure dynamic IKE policy for a group of mobile users:

Router1/configure# crypto Router1/configure/crypto# dynamic Router1/configure/crypto/dynamic# ike policy sales Router1/configure/crypto/dynamic/ike/policy sales# local-address 172.16.0.1

Router1/configure/crypto/dynamic/ike/policy sales# remote-id email-id david@abc-corp.com david

New user david is added to the group sales

Default proposal created with priority1-des-sha1-pre_shared-g1 Key String has to be configured by the user

Router1/configure/crypto/dynamic/ike/policy sales# remote-id email-id mike@abc-corp.com mike

New user mike is added to the group sales

Router1/configure/crypto/dynamic/ike/policy sales# key secretkeyforsalesusers Router1/configure/crypto/dynamic/ike/policy sales# proposal 1 Router1/configure/crypto/dynamic/ike/policy sales/proposal 1# encryption-algorithm 3des-cbc Router1/configure/crypto/dynamic/ike/policy sales/proposal 1# exit Router1/configure/crypto/dynamic/ike/policy sales# client authentication radius pap Router1/configure/crypto/dynamic/ike/policy sales# exit Router1/configure/crypto/dynamic#

Step 5: Display dynamic IKE policies:

Router1# show crypto dynamic ike policy all

 

Policy

Remote-id

Mode

Transform

Address-Pool

------

---------

----

---------

------------

sales

U david@foun... Aggressive P1

pre-g1-3des-

 

 

 

 

 

15 - 30

© 2004 Foundry Networks, Inc.

June 2004

Page 254 Page 256
Page 255
Image 255
Foundry Networks AR1204, AR3202-CL Configure dynamic IKE policy for a group of mobile users, Display dynamic IKE policies
Page 254 Page 256
Top Page Image Contents