Foundry Networks AR3202-CL User Manual

Security Features
June 2004
© 2004 Foundry Networks, Inc.
15 - 31
Step 6: Display dynamic IKE policies in detail:
Router1# show crypto dynamic ike policy all detail
Policy name sales, User group name sales
Aggressive mode, Response Only, PFS is not enabled, Shared Key is *****
Client authentication is Radius(PAP)
Local addr: 172.16.0.1, Local ident 172.16.0.1 (ip-address)
Remote idents are david@abc-corp.com (email-id), mike@abc-corp.com (email-id)
Proposal of priority 1
        Encryption algorithm: 3des
        Hash Algorithm: sha1
        Authentication Mode: pre-shared-key
        DH Group: group1
        Lifetime in seconds: 86400
        Lifetime in kilobytes: unlimited

Step 7: Configure dynamic IPSec policy for a group of mobile users:
Router1/configure/crypto/dynamic# ipsec policy sales
Router1/configure/crypto/dynamic/ipsec/policy sales# match address 10.0.1.0 24
Default proposal created with priority1-esp-3des-sha1-tunnel and activated.
Router1/configure/crypto/dynamic/ipsec/policy sales# proposal 1
Router1/configure/crypto/dynamic/ipsec/policy sales/proposal 1# encryption-algorithm aes256-cbc
Router1/configure/crypto/dynamic/ipsec/policy sales/proposal 1# exit
Router1/configure/crypto/dynamic/ipsec/policy sales# exit
Router1/configure/crypto/dynamic#

Step 8: Display dynamic IPSec policies:
Router1# show crypto dynamic ipsec policy all
Policy     Match                     Proto Transform
------     -----                     ----- ---------
sales      S 10.0.1.0/24/any          Any  P1 esp-aes-sha1-tunl
           D any/any/any
INsales    S any/any/any              Any  P1 esp-aes-sha1-tunl
           D 10.0.1.0/24/any
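
The following is an added example, not part of the Foundry manual: it parses the Step 6 display output into a structured record and compares the negotiated parameters with a baseline, so the same check can be repeated after each policy change. The function names and the baseline (PFS on, no aggressive mode with pre-shared keys, no DES/3DES, no DH group1) are this example's assumptions, and the parser assumes the output format shown on this page.

```python
import re

# Step 6 output from this page with wrapped lines rejoined (sample input).
SAMPLE = """\
Policy name sales, User group name sales
Aggressive mode, Response Only, PFS is not enabled, Shared Key is *****
Client authentication is Radius(PAP)
Local addr: 172.16.0.1, Local ident 172.16.0.1 (ip-address)
Remote idents are david@abc-corp.com (email-id), mike@abc-corp.com (email-id)
Proposal of priority 1
        Encryption algorithm: 3des
        Hash Algorithm: sha1
        Authentication Mode: pre-shared-key
        DH Group: group1
        Lifetime in seconds: 86400
        Lifetime in kilobytes: unlimited
"""

WEAK_ENCRYPTION = {"des", "3des"}  # assumed baseline, not a Foundry recommendation
WEAK_DH = {"group1"}               # assumed baseline (group1 is 768-bit MODP)

def parse_ike_policies(text):
    """Parse 'show crypto dynamic ike policy all detail' output into dicts."""
    policies = []
    for line in map(str.strip, text.splitlines()):
        if m := re.match(r"Policy name (\S+), User group name (\S+)", line):
            policies.append({"name": m[1], "group": m[2], "proposals": []})
        elif not policies:
            continue  # ignore anything before the first policy header
        elif m := re.match(r"(\w+) mode,.*PFS is (not )?enabled", line):
            policies[-1].update(mode=m[1].lower(), pfs=m[2] is None)
        elif m := re.match(r"Proposal of priority (\d+)", line):
            policies[-1]["proposals"].append({"priority": int(m[1])})
        elif policies[-1]["proposals"] and ":" in line:
            key, value = line.split(":", 1)
            policies[-1]["proposals"][-1][key.strip().lower()] = value.strip()
    return policies

def audit(policy):
    """Return findings for one parsed policy against the assumed baseline."""
    findings = [] if policy.get("pfs") else ["PFS not enabled"]
    for p in policy["proposals"]:
        if policy.get("mode") == "aggressive" and p.get("authentication mode") == "pre-shared-key":
            findings.append("aggressive mode with pre-shared-key")
        if p.get("encryption algorithm") in WEAK_ENCRYPTION:
            findings.append("encryption " + p["encryption algorithm"])
        if p.get("dh group") in WEAK_DH:
            findings.append("DH " + p["dh group"])
    return findings
```

Calling `audit(parse_ike_policies(SAMPLE)[0])` on the policy displayed in Step 6 reports all four baseline deviations.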