Black Box LR1102A-T1/E1 User Manual
Page 32
Black Box LR11xx Series Router Configurations Guide
34
Blackbox> show crypto interfaces
Interface Network
Name Type
--------- -------
wan1 Untrusted
ethernet0 trusted
Blackbox>
Step 4: Add route to peer LAN
Black Box1/configure> ip route 10.0.2.0 24 wan1
Step 5: Configure IKE to the peer gateway
Black Box1/configure> crypto ike policy Black Box2 172.16.0.2
Black Box1/configure/crypto/ike/policy/Black Box2 172.16.0.2> local-address 172.16.0.1
message: Default proposal created with priority1-des-sha-pre_shared-g1.
message: Key String has to be configured by the user.
Black Box1/configure/crypto/ike/policy Black Box2 172.16.0.2> key secretkey
Black Box1/configure/crypto/ike/policy Black Box2 172.16.0.2> proposal 1
Black Box1/configure/crypto/ike/policy Black Box2 172.16.0.2/proposal 1> encryption-algorithm
3des-cbc
Black Box1/configure/crypto/ike/policy Black Box2 172.16.0.2/proposal 1> exit
Black Box1/configure/crypto/ike/policy Black Box2 172.16.0.2> exit
Black Box1/configure/crypto> exit
Black Box1/configure>
Step 6: Display IKE policies
Blackbox> show crypto ike policy all
Policy Peer Mode Transform
------ ---- ---- ---------
Black Box 172.14.0.2 Main P1 pre-g1-3des-sha
Blackbox>
Step 7: Configure IPSec tunnel to the remote host
Black Box1/configure>crypto ipsec policy Black Box2 172.16.0.2
Black Box1/configure/crypto/ipsec/policy Black Box2 172.16.0.2> match address 10.0.1.0 24
10.0.2.0 24
message: Default proposal created with priority1-esp-3des-sha1-tunnel and activated.
Black Box1/configure/crypto/ipsec/policy Black Box2 172.16.0.2> proposal 1
Black Box1/configure/crypto/ipsec/policy Black Box2 172.16.0.2/proposal 1>
encryption-algorithm des-cbc
Black Box1/configure/crypto/ipsec/policy Black Box2 172.16.0.2/proposal 1> exit
Black Box1/configure/crypto/ipsec/policy Black Box2 172.16.0.2> proposal 2
message: Proposal added with priority2-esp-3des-sha1-tunnel.