Security Features

Step 9: Display dynamic IPSec policies in detai:l

Router1# show crypto dynamic ipsec policy all detail

Policy sales is enabled, Modeconfig Group Action is Apply

Key Management is Automatic PFS Group is disabled Match Address:

Protocol is Any

Source ip address (ip/mask/port): (10.0.1.0/255.255.255.0/

any)

Destination ip address (ip/mask/port): (any/any/any)

Proposal of priority 1

Protocol: esp

Mode: Tunnel

Encryption Algorithm: aes256(key length=256 bits)

Hash Algorithm: sha1

Lifetime in seconds: 3600

Lifetime in Kilobytes: 4608000

Step 10: Configure firewall policies to allow IKE negotiation through untrusted interface (applicable only if firewall license is also enabled):

Router1/configure# firewall internet

Router1/configure/firewall internet# policy 1000 in service ike self Router1/configure/firewall internet/policy 1000 in# exit Router1/configure/firewall internet# exit

Step 11: Display firewall policies in the internet map (applicable only if firewall license is enabled):

Router1# show

firewall policy

internet

Advanced: S -

Self Traffic,

F

-

Ftp-Filter, H - Http-Filter,

R

-

Rpc-Filter, N

-

Nat-Ip/Nat-Pool, L - Logging,

E

-

Policy Enabled,

M

- Smtp-Filter

Pri

Dir Source

Addr

Destination Addr

Sport Dport Proto

Action Advanced

 

 

 

---

--- -----------

----------------

----------------- ----

June 2004

© 2004 Foundry Networks, Inc.

15 - 41

Page 265 Page 267
Page 266
Image 266
Foundry Networks AR3202-CL, AR3201-CL, AR1204, AR1216, AR1208 manual Display dynamic IPSec policies in detail
Page 265 Page 267
Top Page Image Contents