Foundry AR-Series Router User Guide

Step 6: Display dynamic IKE policies in detail:

Router1# show crypto dynamic ike policy all detail
Policy name sales, Modeconfig group
Aggressive mode, Response Only, PFS is not enabled, Shared Key is *****
Local addr: 192.168.55.52, Local ident 192.168.55.52 (ip-address)
Remote idents are david@abc-corp.com (email-id), mike@abc-corp.com (email-id)
Address Pool:
Pool# 1: 20.1.1.100 to 20.1.1.150
Proposal of priority 1
Encryption algorithm: 3des
Hash Algorithm: sha1
Authentication Mode: pre-shared-key
DH Group: group1
Lifetime in seconds: 86400
Lifetime in kilobytes: unlimited

Step 7: Configure dynamic IPSec policy for a group of mobile users:

Router1/configure/crypto#
Router1/configure/crypto# dynamic
Router1/configure/crypto/dynamic# ipsec policy sales modecfg-group
Router1/configure/crypto/dynamic/ipsec/policy sales# match address 10.0.1.0 24
Router1/configure/crypto/dynamic/ipsec/policy sales# proposal 1
Router1/configure/crypto/dynamic/ipsec/policy sales/proposal 1# encryption-algorithm aes256-cbc
Router1/configure/crypto/dynamic/ipsec/policy sales/proposal 1# exit
Router1/configure/crypto/dynamic/ipsec/policy sales# exit
Router1/configure/crypto/dynamic# exit

Step 8: Display dynamic IPSec policies:

Router1# show crypto dynamic ipsec policy all
Policy  Match              Proto  Transform
------  -----              -----  ---------
sales   S 10.0.1.0/24/any  Any    P1 esp-aes-sha1-tunl
        D any/any/any
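Added example, not part of the Foundry guide: a Python check that reads the Step 6 display and reports the settings a reviewer would question in the sales IKE policy (aggressive mode combined with a pre-shared key, PFS not enabled, 3des, DH group1). The function name audit_ike, the WEAK table and the abridged sample text are assumptions of this example.

```python
import re

# Constructed sample: the Step 6 display from this page, abridged.
SAMPLE = """\
Policy name sales, Modeconfig group
Aggressive mode, Response Only, PFS is not enabled, Shared Key is *****
Proposal of priority 1
Encryption algorithm: 3des
Hash Algorithm: sha1
Authentication Mode: pre-shared-key
DH Group: group1
Lifetime in seconds: 86400
"""

# Reviewer's assumption, not Foundry guidance: values treated as weak.
# "3des" and "group1" appear on the page; the other spellings are guesses.
WEAK = {
    "encryption algorithm": {"des", "3des"},
    "hash algorithm": {"md5"},
    "dh group": {"group1", "group2"},
}

def audit_ike(text):
    """Return a sorted list of (policy, finding) for each policy block."""
    findings, policy, aggressive = set(), None, False
    for raw in text.splitlines():
        m = re.match(r"Policy name (\S+?),", raw.strip())
        if m:  # a new policy block starts; reset per-policy state
            policy, aggressive = m.group(1), False
            continue
        if policy is None:
            continue
        line = raw.strip().lower()
        if line.startswith("aggressive mode"):
            aggressive = True
        if "pfs is not enabled" in line:
            findings.add((policy, "PFS disabled"))
        key, _, val = (part.strip() for part in line.partition(":"))
        if val in WEAK.get(key, ()):
            findings.add((policy, f"weak {key}: {val}"))
        # The mode line precedes the proposal lines in the display, so the
        # aggressive flag is already set when the authentication mode is read.
        if aggressive and key == "authentication mode" and val == "pre-shared-key":
            findings.add((policy, "aggressive mode with pre-shared-key"))
    return sorted(findings)

if __name__ == "__main__":
    for policy, finding in audit_ike(SAMPLE):
        print(f"{policy}: {finding}")
```

Paste the full output of show crypto dynamic ike policy all detail into audit_ike to check several policies at once; each finding is keyed by the policy name.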

© 2004 Foundry Networks, Inc.

June 2004
