Security Features

Step 6: Display dynamic IKE policies in detail:

Router1# show crypto dynamic ike policy all detail

Policy name sales, User group name sales

Aggressive mode, Response Only, PFS is not enabled, Shared Key is *****

Client authentication is Radius(PAP)

Local addr: 172.16.0.1, Local ident 172.16.0.1 (ip-address)

Remote idents are david@abc-corp.com (email-id), mike@abc-corp.com (email-id)

Proposal of priority 1

Encryption algorithm: 3des

Hash Algorithm: sha1

Authentication Mode: pre-shared-key

DH Group: group1

Lifetime in seconds: 86400

Lifetime in kilobytes: unlimited

Step 7: Configure dynamic IPSec policy for a group of mobile users:

Router1/configure/crypto/dynamic# ipsec policy sales

Router1/configure/crypto/dynamic/ipsec/policy sales# match address 10.0.1.0 24

Default proposal created with priority1-esp-3des-sha1-tunnel and activated.

Router1/configure/crypto/dynamic/ipsec/policy sales# proposal 1

Router1/configure/crypto/dynamic/ipsec/policy sales/proposal 1# encryption-algorithm aes256-cbc

Router1/configure/crypto/dynamic/ipsec/policy sales/proposal 1# exit

Router1/configure/crypto/dynamic/ipsec/policy sales# exit

Router1/configure/crypto/dynamic#

Step 8: Display dynamic IPSec policies:

Router1# show crypto dynamic ipsec policy all

 

Policy   Match               Proto  Transform
------   -----               -----  ---------
sales    S 10.0.1.0/24/any   Any    P1 esp-aes-sha1-tunl
         D any/any/any
INsales  S any/any/any       Any    P1 esp-aes-sha1-tunl
         D 10.0.1.0/24/any
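
An added example, not part of the Foundry manual: a short Python check that reads the Step 6 "show crypto dynamic ike policy all detail" listing and reports the settings a reviewer would question before deployment (aggressive mode with a pre-shared key, 3DES, SHA-1, DH group 1, no PFS). The sample text is the page's output, abridged and re-joined into lines; the WEAK baseline and the function name audit_ike_detail are assumptions of this example.

```python
import re

# Constructed sample: the Step 6 output shown on this page, abridged.
IKE_DETAIL = """\
Policy name sales, User group name sales
Aggressive mode, Response Only, PFS is not enabled, Shared Key is *****
Client authentication is Radius(PAP)
Proposal of priority 1
Encryption algorithm: 3des
Hash Algorithm: sha1
Authentication Mode: pre-shared-key
DH Group: group1
Lifetime in seconds: 86400
"""

# Review baseline: an assumption of this example, not vendor guidance.
WEAK = {
    "Encryption algorithm": {"des", "3des"},
    "Hash Algorithm": {"md5", "sha1"},
    "DH Group": {"group1", "group2"},
}

def audit_ike_detail(text):
    """Return (policy, finding) tuples for one 'detail' listing."""
    findings, policy, aggressive = [], None, False
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r"Policy name (\S+),", line)
        if m:  # a new policy block starts; reset per-policy state
            policy, aggressive = m.group(1), False
            continue
        if line.startswith("Aggressive mode"):
            aggressive = True
        if "PFS is not enabled" in line:
            findings.append((policy, "PFS disabled"))
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip().lower()
        if value in WEAK.get(key, ()):
            findings.append((policy, f"{key} = {value}"))
        # Aggressive mode sends the PSK-derived hash before the peer is
        # authenticated, so a captured exchange allows offline guessing.
        if key == "Authentication Mode" and value == "pre-shared-key" and aggressive:
            findings.append((policy, "aggressive mode with pre-shared key"))
    return findings

if __name__ == "__main__":
    for policy, finding in audit_ike_detail(IKE_DETAIL):
        print(f"{policy}: {finding}")
```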

 

 

 

 

 

 

 

 

June 2004

© 2004 Foundry Networks, Inc.

Foundry Networks AR1216 Display dynamic IKE policies in detail, Configure dynamic IPSec policy for a group of mobile users