- Foundry Router User Guide

Security Features
June 2004 © 2004 Foundry Networks, Inc. 15 - 5
Step 6: Display the IKE policies:

Router1# show crypto ike policy all
Policy   Peer        Mode  Transform
------   ----        ----  ---------
Router2  172.16.0.2  Main  P1 pre-g1-3des-sha1

Step 7: Display the IKE policies in detail:

Router1# show crypto ike policy all detail
Policy name Router2, Local addr 172.16.0.1, Peer addr 172.16.0.2
Main mode, Response and Initiate, PFS is not enabled, Shared Key is *****
Local ident 172.16.0.1 (ip-address), Remote Ident 172.16.0.2 (ip-address)
Proposal of priority 1
Encryption algorithm: 3des
Hash Algorithm: sha1
Authentication Mode: pre-shared-key
DH Group: group1
Lifetime in seconds: 86400
Lifetime in kilobytes: unlimited

Step 8: Configure the IPSec tunnel to the remote host:

Router1/configure/crypto# ipsec policy Router2 172.16.0.2
Router1/configure/crypto/ipsec policy Router2 172.16.0.2# match address 172.16.0.1 32 10.0.2.0 24
message: Default proposal created with priority1-esp-3des-sha1-tunnel and activated.
Router1/configure/crypto# ipsec policy Router2 172.16.0.2# proposal 1
Router1/configure/crypto# ipsec policy Router2 172.16.0.2/proposal 1# encryption-algorithm aes128-cbc
Router1/configure/crypto# ipsec policy Router2 172.16.0.2/proposal 1# exit
Router1/configure/crypto# ipsec policy Router2 172.16.0.2# exit

NOTE: For IPSec only – when you create an outbound tunnel, an inbound tunnel is automatically created. The
inbound tunnel applies the name that you provide for the outbound tunnel and adds the prefix “IN” to the name.
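
The detailed IKE policy output from Step 7 can be checked automatically when reviewing router configurations. The following is an added example, not part of the Foundry guide: it parses that output format and reports proposals using 3DES or DH group 1, and policies with PFS disabled, all generally considered weak today. The function names and the WEAK list are assumptions of this example.

```python
import re

# Constructed sample: Step 7's detail output, wrapped lines joined, two lines omitted.
SAMPLE = """\
Policy name Router2, Local addr 172.16.0.1, Peer addr 172.16.0.2
Main mode, Response and Initiate, PFS is not enabled, Shared Key is *****
Proposal of priority 1
Encryption algorithm: 3des
Hash Algorithm: sha1
Authentication Mode: pre-shared-key
DH Group: group1
Lifetime in seconds: 86400
"""
# Assumption: this example's own list of weak values, limited to ones seen on the page.
WEAK = {"encryption algorithm": {"3des"}, "dh group": {"group1"}}

def parse_policies(text):
    """Parse 'show crypto ike policy all detail' output into a list of policy dicts."""
    policies, cur, prop = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := re.match(r"Policy name (\S+), Local addr (\S+), Peer addr (\S+)", line):
            # A new policy starts; proposals never carry over from the previous one.
            cur, prop = {"name": m[1], "local": m[2], "peer": m[3], "pfs": None, "proposals": []}, None
            policies.append(cur)
        elif cur is None:
            continue  # text before the first policy (prompt, echoed command)
        elif m := re.match(r"Proposal of priority (\d+)", line):
            prop = {"priority": int(m[1])}
            cur["proposals"].append(prop)
        elif m := re.search(r"PFS is (not )?enabled", line):
            cur["pfs"] = m[1] is None
        elif ":" in line and prop is not None:
            key, value = line.split(":", 1)
            prop[key.strip().lower()] = value.strip()
    return policies

def audit(policies):
    """Return (policy name, finding) tuples for disabled PFS and values listed in WEAK."""
    findings = []
    for p in policies:
        if p["pfs"] is False:
            findings.append((p["name"], "PFS is not enabled"))
        for prop in p["proposals"]:
            for field, bad in WEAK.items():
                if prop.get(field) in bad:
                    findings.append((p["name"], f"proposal {prop['priority']}: {field} = {prop[field]}"))
    return findings

if __name__ == "__main__":
    print(*audit(parse_policies(SAMPLE)), sep="\n")
```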