Black Box LR1102A-T1/E1 User Manual


Black Box LR11xx Series Router Configurations Guide

For IPSec only – when you create an outbound tunnel, an inbound tunnel is automatically created. The inbound tunnel applies the name that
you provide for the outbound tunnel and adds the prefix “IN” to the name.

message: Default proposal created with priority1-esp-3des-sha1-tunnel and activated.

Black Box1/configure/crypto/ipsec/policy Black Box2 172.16.0.2> proposal 1

Black Box1/configure/crypto/ipsec/policy Black Box2 172.16.0.2/proposal 1> encryption-algorithm aes256-cbc

Black Box1/configure/crypto/ipsec/policy Black Box2 172.16.0.2/proposal 1> exit

Black Box1/configure/crypto/ipsec/policy Black Box2 172.16.0.2> exit

Step 8: Display IPSec policies using the show crypto ipsec policy all command.

Step 8.1: Configure firewall policies to allow IKE negotiation through the untrusted interface (applicable only if the firewall license is also enabled)

Black Box1/configure> firewall internet

Black Box1/configure/firewall internet> policy 1000 in service ike self

Black Box1/configure/firewall internet/policy 1000 in> exit

Black Box1/configure/firewall internet> exit

Step 8.2: Display firewall policies in the internet map (applicable only if firewall license is enabled)
Black Box1> show firewall policy internet

Advanced: S - Self Traffic, F - Ftp-Filter, H - Http-Filter,
          R - Rpc-Filter, N - Nat-Ip/Nat-Pool, L - Logging,
          E - Policy Enabled, M - Smtp-Filter

Pri  Dir Source Addr Destination Addr Sport Dport Proto Action Advanced
---  --- ----------- ---------------- ----------------- ------ --------
1000 in  any         any              ike               PERMIT SE
1024 out any         any              any   any   any   PERMIT SE
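
The check that Steps 8.1 and 8.2 perform by eye, as an added example that is not part of the Black Box manual: it parses the policy table and confirms that an enabled inbound rule permits IKE to the router itself. The function names are hypothetical, and the row layout (one service name or the Sport/Dport/Proto triple, followed by Action and Advanced) is an assumption drawn from the two rows shown above.

```python
# Added example: audit "show firewall policy internet" output for the IKE rule.
# The sample rows are the ones printed in Step 8.2 of this page.
SAMPLE = """\
Advanced: S - Self Traffic, F - Ftp-Filter, H - Http-Filter,
R - Rpc-Filter, N - Nat-Ip/Nat-Pool, L - Logging,
E - Policy Enabled, M - Smtp-Filter
Pri  Dir Source Addr Destination Addr Sport Dport Proto Action Advanced
---  --- ----------- ---------------- ----------------- ------ --------
1000 in  any         any              ike               PERMIT SE
1024 out any         any              any   any   any   PERMIT SE
"""


def parse_policies(text):
    """Return one dict per policy row.

    Assumption: a row starts with a numeric priority, ends with Action and
    Advanced, and carries either one service name or Sport/Dport/Proto.
    """
    rows = []
    for line in text.splitlines():
        tok = line.split()
        if not tok or not tok[0].isdigit():
            continue  # legend, header, separator or blank line
        middle = tok[4:-2]
        if len(tok) < 7 or len(middle) not in (1, 3):
            raise ValueError(f"unexpected policy row: {line!r}")
        row = {"pri": int(tok[0]), "dir": tok[1], "src": tok[2],
               "dst": tok[3], "action": tok[-2], "flags": tok[-1]}
        if len(middle) == 1:
            row["service"] = middle[0]
        else:
            row.update(zip(("sport", "dport", "proto"), middle))
        rows.append(row)
    return rows


def ike_allowed_to_self(rows):
    """True if an enabled inbound rule permits IKE to the router itself."""
    return any(
        r["dir"] == "in" and r.get("service") == "ike"
        and r["action"] == "PERMIT"
        and "S" in r["flags"] and "E" in r["flags"]  # S = self, E = enabled
        for r in rows
    )


if __name__ == "__main__":
    print("IKE permitted to self:", ike_allowed_to_self(parse_policies(SAMPLE)))
```

A False result means the tunnel cannot negotiate until the policy from Step 8.1 is present and enabled in the internet map.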

Step 8.3: Display firewall policies in the internet map in detail (applicable only if firewall license is enabled)
