Foundry AR-Series Router User Guide

Step 16: Test the IPSec tunnel between the VPN client and the server by passing traffic from the client to the 10.0.1.0 network.

Step 17: After passing traffic through the tunnel, display the list of clients logged onto the VPN server and the IKE and IPSec SA tables:

Router1# show crypto dynamic clients

 

Client Address

Client Id

Policy

 

Advanced

 

 

 

--------------

---------

------

 

--------

 

 

 

192.168.107.105 david@abc-corp...

sales:20.1.1.1

ModecfgGrp

 

 

 

 

Router1#show crypto ike sa

all

 

 

Policy

Peer

State

Bytes

Transform

------

----

-----

-----

---------

sales

192.168.107.105

SA_MATURE

2052

pre-g1-3des-sha1

 

 

 

 

 

Router1# show crypto ike sa all detail

Crypto Policy name: sales

Remote ident david@abc-corp.com Peer Address is 192.168.107.105 Transform: 3des, sha1, pre-shared-key DH Group: group1

Bytes Processed 2052 State is SA_MATURE Mode is Aggressive

Life Time in Sec is unlimited, Life Time in Bytes is unlimited

Router1# show crypto ipsec sa all

 

 

Policy

Dest IP

Spi

Bytes

Transform

------

-------

---

-----

---------

INsales

172.16.0.10xbba97427 840

 

esp-aes-sha1-tunl

sales

192.168.107.1050xcb0e23f3 560

esp-aes-sha1-tunl

 

 

 

 

 

15 - 44

© 2004 Foundry Networks, Inc.

June 2004

Page 268 Page 270
Page 269
Image 269
Foundry Networks AR1204, AR3202-CL, AR3201-CL, AR1216, AR1208 manual Samature
Page 268 Page 270
Top Page Image Contents