Security Features
June 2004 © 2004 Foundry Networks, Inc. 15 - 49
3. Configure the routes:
4. Define the policy:
5. Check the status of the tunnel by entering:
Foundry# show ip interface tunnel t0
Step 6:Validate the tunnel configuration by entering:
Foundry# show crypto ipsec policy all
Or enter:
Foundry# show crypto ike policy all
With the tunnel properly configured and working, users on one side of the tunnel can ping users on the other sid e.
Configuring GRE Site to Site with IPSec and OSPFThis example extends the previous IPSec configuration example by enabling Open Shortest Path First (OSPF)
protocol which provides redundant paths for the tunnel.
1. To enable OSPF, add to the Foundry configuration above:
2. Add to the Cisco configuration above:
3. To verify the OSPF configuration, enter:
Foundry# show ip ospf interface all
Foundry/ configure# ip route 0.0.0.0 0.0.0.0 192.168.94.254
Foundry/ configure# ip route 40.1.1.0 24 t0
Foundry/ configure > firewall internet
Foundry/configure/firewall internet# policy 100 in proto gre self
Foundry/configure/firewall internet/policy 100 in# exit
Foundry/configure/firewall internet# policy 101 in service ike self
Foundry/configure/firewall internet/policy 101 in# exit 2
Foundry configure# firewall corp
Foundry/configure/firewall corp# policy 100 in self
Foundry# configure terminal
Foundry/configure# router routerid 2.2.2.2
Foundry/configure# router ospf
Foundry/configure/router/ospf# interface t0 area 0
Foundry/configure/router/ospf# exit
cisco > config t
cisco(config)#router ospf 1
cisco(config-router)# network 103.1.1.0 0.0.0.255 area 0