Foundry AR-Series Router User Guide

5.Configure the Cisco side:

cisco > config t cisco(config)#interface Ethernet2/0

cisco(config-if)#ip address 192.168.55.75255.255.255.0 cisco(config-if)#exit

cisco(config)#interface Tunnel 0 cisco(config-if)#ip address 103.1.1.1 255.255.255.0 cisco(config-if)#tunnel source 192.168.55.75 cisco(config-if)#tunnel destination 192.168.94.220 cisco(config-if)#exit

cisco(config)#ip route 0.0.0.0 0.0.0.0 192.168.55.254 cisco(config)#ip route 10.3.1.0 255.255.255.0 Tunnel0

With the tunnel properly configured and working, users on one side of the tunnel can ping users on the other side.

Configuring GRE Site to Site with IPSec

This example extends the first example by adding encryption to the tunnel.

1.Prepare the WAN link:

Foundry# configure terminal

Foundry/ configure# interface bundle wan1

Foundry/ configure/interface/bundle wan1# link t1 1 Foundry/ configure/interface/bundle wan1# encapsulation ppp Foundry/ configure/interface/bundle wan1# ip address 192.168.94.220 255.255.255.0

Foundry/ configure/interface/bundle wan1# crypto untrusted Foundry/ configure/interface/bundle wan1# exit

2. Configure the tunnel:

Foundry/ configure# interface tunnel t0

 

Foundry/ configure/interface/tunnel t0#

ip address 103.1.1.2 24

Foundry/ configure/interface/tunnel t0#

tunnel source

192.168.94.220

 

Foundry/ configure/interface/tunnel t0#

tunnel destination

192.168.55.75

 

Foundry/ configure/interface/tunnel t0#

tunnel protection grecisco

secretkeyfortest

 

Foundry/ configure/interface/tunnel t0#

crypto untrusted

Foundry/ configure/interface/tunnel t0#

exit

 

 

15 - 48

© 2004 Foundry Networks, Inc.

June 2004

Page 272 Page 274
Page 273
Image 273
Foundry Networks AR3202-CL, AR3201-CL, AR1204, AR1216, AR1208 manual Configuring GRE Site to Site with IPSec
Page 272 Page 274
Top Page Image Contents