Black Box LR1102A-T1/E1 User Manual

Black Box LR11xx Series Router Configurations Guide

24

4.2 Example 1: Managing the Black Box LR1104A

Securely Over an IPSec Tunnel

The following example demonstrates how to manage a Black Box router through an IP security tunnel. Steps are
presented for configuring the Black Box1 and Black Box2 routers to assist any host on the LAN side of Black
Box-2 to manage the Black Box1 router through the IP security tunnel.

The security requirements are as follows:

„

Phase 1: 3DES with SHA1

„

Phase 2: IPSec ESP with AES and HMAC-SHA1

Figure 8 Tunnel Mode Between Two Black Box Security Gateways - Multiple Proposals

Step 1: Configure a WAN bundle of network type untrusted

Black Box1/configure> interface bundle wan1

message: Configuring new bundle

Black Box1/configure/interface/bundle wan1> link t1 1

Black Box1/configure/interface/bundle wan1> encapsulation ppp

Black Box1/configure/interface/bundle wan1> ip address 172.16.0.1 24

Black Box1/configure/interface/bundle wan1> crypto untrusted

Black Box1/configure/interface/bundle wan1> exit

Step 2: Configure the Ethernet interface with trusted network type

Black Box1/configure> interface ethernet 0

message: Configuring existing Ethernet interface

Black Box1/configure interface/ethernet 0> ip address 10.0.1.1 24

Black Box1/configure/interface/ethernet 0> crypto trusted

Black Box1/configure/interface/ethernet 0> exit

Step 3: Display the crypto interfaces

Blackbox/configure> system licenses vpn_plus_firewall

Enter Security Upgrade License key: 024f3bc296b4ea7265

UNTRUSTED

TRUSTED

TRUSTED

IPSec ESP

Tasman1

Tasman2

172.16.0.1

172.16.0.2

Network
10.0.1.0/24

Network
10.0.2.0/24

Black Box 1

Black Box 2