Foundry AR-Series Router User Guide
Step 6: Display dynamic IKE policies in detail:
Router1# show crypto dynamic ike policy all detail
Policy name sales, Modeconfig group
Aggressive mode, Response Only, PFS is not enabled, Shared Key is
*****
Local addr: 192.168.55.52, Local ident 192.168.55.52
Address Pool:
Pool# 1: 20.1.1.100 to 20.1.1.150
Proposal of priority 1
Encryption algorithm: 3des
Hash Algorithm: sha1
Authentication Mode:
DH Group: group1
Lifetime in seconds: 86400
Lifetime in kilobytes: unlimited
Step 7: Configure dynamic IPSec policy for a group of mobile users:
| Router1/configure/crypto# |
|
|
|
|
| |
| Router1/configure/crypto# dynamic |
|
|
|
|
| |
| Router1/configure/crypto/dynamic# ipsec policy sales | ||||||
| Router1/configure/crypto/dynamic/ipsec/policy | sales# | match address | ||||
| 10.0.1.0 | 24 |
|
|
|
|
|
| Router1/configure/crypto/dynamic/ipsec/policy | sales# | proposal 1 | ||||
| Router1/configure/crypto/dynamic/ipsec/policy | sales/proposal 1# | |||||
|
|
|
|
|
| ||
| Router1/configure/crypto/dynamic/ipsec/policy | sales/proposal 1# exit | |||||
| Router1/configure/crypto/dynamic/ipsec/policy | sales# | exit | ||||
| Router1/configure/crypto/dynamic# exit |
|
|
|
| ||
|
|
|
|
|
| ||
| Step 8: Display dynamic IPSec policies: |
|
|
|
| ||
|
|
|
|
| |||
| Router1# show crypto dynamic ipsec policy all |
|
|
| |||
| Policy | Match | Proto Transform |
|
| ||
|
|
| |||||
| sales | S 10.0.1.0/24/any | Any | P1 |
| ||
|
| D any/any/any |
|
|
|
|
|
|
|
|
|
|
|
|
|
15 - 40 | © 2004 Foundry Networks, Inc. | June 2004 |
