Foundry Networks AR1204, AR1208, AR1216, AR3201, AR3201-CL, AR3202, AR3202-CL Step 4: Configure dynamic IKE policy for a group of mobile users:, Step 5: Display dynamic IKE policies:

Security Features

Step 3: Display the crypto interfaces:

Step 4: Configure dynamic IKE policy for a group of mobile users:Step 5: Display dynamic IKE policies:

Router1# show crypto interfaces

Interface Network

Name Type

--------- -------

ethernet0 trusted

wan1 untrusted

Router1/configure# crypto

Router1/configure/crypto# dynamic

Router1/configure/crypto/dynamic# ike policy sales modecfg-group

Router1/configure/crypto/dynamic/ike/policy sales# local-address

192.168.55.52

Router1/configure/crypto/dynamic/ike/policy sales# remote-id email

david@abc-corp.com

Default proposal created with priority1-des-sha1-pre_shared-g1

Key String has to be configured by the user

Default ipsec proposal 'sales' added with priority1-3des-sha1-tunnel

Router1/configure/crypto/dynamic/ike/policy sales# remote-id email

mike@abc-corp.com

Router1/configure/crypto/dynamic/ike/policy sales# key

secretkeyforsales

Router1/configure/crypto/dynamic/ike/policy sales# proposal 1

Router1/configure/crypto/dynamic/ike/policy sales/proposal 1#

encryption-algorithm 3des-cbc

Router1/configure/crypto/dynamic/ike/policy sales/proposal 1# exit

Router1/configure/crypto/dynamic/ike/policy sales# client

configuration

Router1/configure/crypto/dynamic/ike/policy sales/client/

configuration# address-pool 1 20.1.1.100 20.1.1.150

Router1/configure/crypto/dynamic/ike/policy sales/client/

configuration# exit

Router1/configure/crypto/dynamic/ike/policy sales# exit

Router1/configure/crypto/dynamic# exit

Router1# show crypto dynamic ike policy all

Policy Remote-id Mode Transform Address-Pool

------ --------- ---- --------- ------------

sales U david@foun... Aggressive P1 pre-g1-3des-sha1 1 S

Foundry Networks Step 4: Configure dynamic IKE policy for a group of mobile users:, Step 5: Display dynamic IKE policies: