Foundry AR-Series Router User Guide
© 2004 Foundry Networks, Inc. June 2004

Step 10: Display IPSec policy details:
Router1# show crypto ipsec policy all detail
Policy name Router2 is enabled, Direction is outbound
Peer Address is 172.16.0.2, Action is Apply
Key Management is Automatic
PFS Group is disabled
Match Address:
Protocol is Any
Source ip address (ip/mask/port): (10.0.1.0/255.255.255.0/any)
Destination ip address (ip/mask/port): (10.0.2.0/255.255.255.0/any)
Proposal of priority 1
Protocol: esp
Mode: tunnel
Encryption Algorithm: aes256(key length=256 bits)
Hash Algorithm: sha1
Lifetime in seconds: 3600
Lifetime in Kilobytes: 4608000
Policy name INRouter2 is enabled, Direction is inbound
Peer Address is 172.16.0.2, Action is Apply
Key Management is Automatic
PFS Group is disabled
Match Address:
Protocol is Any
Source ip address (ip/mask/port): (10.0.2.0/255.255.255.0/any)
Destination ip address (ip/mask/port): (10.0.1.0/255.255.255.0/any)
Proposal of priority 1
Protocol: esp
Mode: tunnel
Encryption Algorithm: aes256(key length=256 bits)
Hash Algorithm: sha1
Lifetime in seconds: 3600
Lifetime in Kilobytes: 4608000

Step 11: Configure firewall policies to allow IKE negotiation through the untrusted interface (applicable only if the firewall license is also enabled):
Router1/configure# firewall internet
Router1/configure/firewall internet# policy 1000 in service ike self
Router1/configure/firewall internet/policy 1000 in# exit
Router1/configure/firewall internet# exit
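
The Step 10 output can be checked mechanically before the tunnel is put into service. The following is an added example, not part of the original guide or of any Foundry tooling: it parses saved "show crypto ipsec policy all detail" output and reports outbound policies that lack an inbound policy with mirrored selectors for the same peer, and policies with PFS disabled. The function names and the abbreviated sample text are assumptions made for the example.

```python
import re

# Constructed sample: the Step 10 output, abbreviated, with wrapped lines joined.
SAMPLE = """\
Policy name Router2 is enabled, Direction is outbound
Peer Address is 172.16.0.2, Action is Apply
PFS Group is disabled
Source ip address (ip/mask/port): (10.0.1.0/255.255.255.0/any)
Destination ip address (ip/mask/port): (10.0.2.0/255.255.255.0/any)
Policy name INRouter2 is enabled, Direction is inbound
Peer Address is 172.16.0.2, Action is Apply
PFS Group is disabled
Source ip address (ip/mask/port): (10.0.2.0/255.255.255.0/any)
Destination ip address (ip/mask/port): (10.0.1.0/255.255.255.0/any)
"""

FIELDS = {  # field name -> pattern with one capture group
    "peer": r"Peer Address is (\S+),",
    "pfs": r"PFS Group is (\S+)",
    "src": r"Source ip address \(ip/mask/port\): \((.+)\)",
    "dst": r"Destination ip address \(ip/mask/port\): \((.+)\)",
}

def parse_policies(text):
    """Return one dict per 'Policy name' block in the command output."""
    policies = []
    for line in text.splitlines():
        m = re.match(r"Policy name (\S+) is (\w+), Direction is (\w+)", line.strip())
        if m:
            policies.append(dict(zip(("name", "state", "direction"), m.groups())))
            continue
        for key, pattern in FIELDS.items():
            m = re.match(pattern, line.strip())
            if m and policies:
                policies[-1][key] = m.group(1)
    return policies

def audit(policies):
    """Check each outbound policy for a mirrored inbound policy and for PFS."""
    findings = []
    for out in (p for p in policies if p["direction"] == "outbound"):
        mates = [p for p in policies
                 if p["direction"] == "inbound" and p.get("peer") == out.get("peer")]
        if not any((i.get("src"), i.get("dst")) == (out.get("dst"), out.get("src")) for i in mates):
            findings.append(f"{out['name']}: no inbound policy with mirrored selectors for peer {out.get('peer')}")
        if out.get("pfs") == "disabled":  # Phase 2 keys then come from the IKE SA without a fresh DH exchange
            findings.append(f"{out['name']}: PFS disabled")
    return findings
```
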