Security Features

3.Configure the routes:

Foundry/ configure# ip route 0.0.0.0 0.0.0.0 192.168.94.254

Foundry/ configure# ip route 40.1.1.0 24 t0

4.Define the policy:

Foundry/ configure > firewall internet Foundry/configure/firewall internet# policy 100 in proto gre self Foundry/configure/firewall internet/policy 100 in# exit Foundry/configure/firewall internet# policy 101 in service ike self Foundry/configure/firewall internet/policy 101 in# exit 2 Foundry configure# firewall corp

Foundry/configure/firewall corp# policy 100 in self

5.Check the status of the tunnel by entering:

Foundry# show ip interface tunnel t0

Step 6:Validate the tunnel configuration by entering:

Foundry# show crypto ipsec policy all

Or enter:

Foundry# show crypto ike policy all

With the tunnel properly configured and working, users on one side of the tunnel can ping users on the other side.

Configuring GRE Site to Site with IPSec and OSPF

This example extends the previous IPSec configuration example by enabling Open Shortest Path First (OSPF) protocol which provides redundant paths for the tunnel.

1.To enable OSPF, add to the Foundry configuration above:

Foundry# configure terminal

Foundry/configure# router routerid 2.2.2.2

Foundry/configure# router ospf

Foundry/configure/router/ospf# interface t0 area 0

Foundry/configure/router/ospf# exit

2.Add to the Cisco configuration above:

cisco > config t cisco(config)#router ospf 1

cisco(config-router)# network 103.1.1.0 0.0.0.255 area 0

3.To verify the OSPF configuration, enter:

Foundry# show ip ospf interface all

June 2004

© 2004 Foundry Networks, Inc.

15 - 49

Page 273 Page 275
Page 274
Image 274
Foundry Networks AR3202-CL manual Foundry# show crypto ike policy all, Configuring GRE Site to Site with IPSec and Ospf
Page 273 Page 275
Top Page Image Contents