Foundry AR-Series Router User Guide

Step 9: Display dynamic IPSec policies in detail:

Router1# show crypto dynamic ipsec policy all detail

Policy sales is enabled, User group name sales Direction is outbound, Action is Apply

Key Management is Automatic PFS Group is disabled Match Address:

Protocol is Any

Source ip address (ip/mask/port): (10.0.1.0/255.255.255.0/

any)

Destination ip address (ip/mask/port): (any/any/any)

Proposal of priority 1

Protocol: esp

Mode: tunnel

Encryption Algorithm: aes256(key length=256 bits)

Hash Algorithm: sha1

Lifetime in seconds: 3600

Lifetime in Kilobytes: 4608000

Policy INsales is enabled, User group name sales Direction is inbound, Action is Apply

Key Management is Automatic PFS Group is disabled Match Address:

Protocol is Any

Source ip address (ip/mask/port): (any/any/any)

Destination ip address (ip/mask/port): (10.0.1.0/ 255.255.255.0/any)

Proposal of priority 1

Protocol: esp

Mode: tunnel

Encryption Algorithm: aes256(key length=256 bits)

Hash Algorithm: sha1

Lifetime in seconds: 3600

Lifetime in Kilobytes: 4608000

Step 10: Configure radius server (applicable only if client authentication is configured in dynamic IKE policy):

Router1/configure# aaa

Router1/configure/aaa# radius

Router1/configure/aaa/radius# primary_server 172.168.2.1

Primary Radius server configured.

Router1/configure/aaa/radius# secondary_server 192.168.2.1

Secondary Radius server configured.

Router1/configure/aaa/radius# exit

Router1/configure/aaa# exit

15 - 32

© 2004 Foundry Networks, Inc.

June 2004

Page 256 Page 258
Page 257
Image 257
Foundry Networks AR3202-CL, AR3201-CL, AR1204, AR1216, AR1208 manual Display dynamic IPSec policies in detail
Page 256 Page 258
Top Page Image Contents