Foundry Networks AR1208 User Manual

Security Features
June 2004
© 2004 Foundry Networks, Inc.
Step 9: Display dynamic IPSec policies in detail:

Router1# show crypto dynamic ipsec policy all detail
Policy sales is enabled, Modeconfig Group
Action is Apply
Key Management is Automatic
PFS Group is disabled
Match Address:
        Protocol is Any
        Source ip address (ip/mask/port): (10.0.1.0/255.255.255.0/any)
        Destination ip address (ip/mask/port): (any/any/any)
Proposal of priority 1
        Protocol: esp
        Mode: Tunnel
        Encryption Algorithm: aes256(key length=256 bits)
        Hash Algorithm: sha1
        Lifetime in seconds: 3600
        Lifetime in Kilobytes: 4608000

Step 10: Configure firewall policies to allow IKE negotiation through the untrusted interface (applicable only if the firewall license is also enabled):

Router1/configure# firewall internet
Router1/configure/firewall internet# policy 1000 in service ike self
Router1/configure/firewall internet/policy 1000 in# exit
Router1/configure/firewall internet# exit

Step 11: Display firewall policies in the internet map (applicable only if the firewall license is enabled):

Router1# show firewall policy internet
Advanced: S - Self Traffic, F - Ftp-Filter, H - Http-Filter,
          R - Rpc-Filter, N - Nat-Ip/Nat-Pool, L - Logging,
          E - Policy Enabled, M - Smtp-Filter
Pri  Dir Source Addr        Destination Addr   Sport Dport Proto Action Advanced
---  --- -----------        ----------------   ----------------- ----
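
Added example (not part of the Foundry manual): a Python parser for the Step 9 policy detail output that reports settings to review before deployment. The function names and the review baseline (PFS enabled, AES encryption, no md5/sha1 hash) are assumptions, as is the "md5" spelling, which does not appear on this page.

```python
import re

# Constructed sample: the Step 9 output on this page, wrapped line rejoined.
SAMPLE = """\
Policy sales is enabled, Modeconfig Group
Action is Apply
Key Management is Automatic
PFS Group is disabled
Match Address:
        Protocol is Any
        Source ip address (ip/mask/port): (10.0.1.0/255.255.255.0/any)
        Destination ip address (ip/mask/port): (any/any/any)
Proposal of priority 1
        Protocol: esp
        Mode: Tunnel
        Encryption Algorithm: aes256(key length=256 bits)
        Hash Algorithm: sha1
        Lifetime in seconds: 3600
        Lifetime in Kilobytes: 4608000
"""

def parse_policies(text):
    """Parse 'show crypto dynamic ipsec policy all detail' output."""
    policies, cur, prop = [], None, None
    for line in map(str.strip, text.splitlines()):
        if m := re.match(r"Policy (\S+) is (\w+)", line):
            cur, prop = {"name": m[1], "enabled": m[2] == "enabled", "proposals": []}, None
            policies.append(cur)
        elif cur and (m := re.match(r"PFS Group is (\S+)", line)):
            cur["pfs"] = m[1]
        elif cur and (m := re.match(r"Proposal of priority (\d+)", line)):
            cur["proposals"].append(prop := {"priority": int(m[1])})
        elif prop is not None and ":" in line:
            key, _, val = line.partition(":")  # e.g. "Hash Algorithm: sha1"
            prop[key.strip().lower()] = val.strip()
    return policies

def audit(policies):
    """Flag settings against an assumed baseline: PFS on, AES, no md5/sha1."""
    findings = []
    for p in policies:
        if p.get("pfs", "disabled") == "disabled":
            findings.append((p["name"], "PFS disabled"))
        for pr in p["proposals"]:
            if pr.get("hash algorithm") in ("md5", "sha1"):
                findings.append((p["name"], f"proposal {pr['priority']}: hash {pr['hash algorithm']}"))
            if not pr.get("encryption algorithm", "").startswith("aes"):
                findings.append((p["name"], f"proposal {pr['priority']}: non-AES cipher"))
    return findings
```

Run against the sample, audit(parse_policies(SAMPLE)) reports the disabled PFS group and the sha1 hash on proposal 1; the aes256 cipher passes.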