Step 2: as in step2 of example 1, Step 3: as in step3 of example 1, Step 5: display dynamic ike policies – Black Box LR1102A-T1/E1 User Manual

Page 34: Step 6: display dynamic ike policies in detail

Advertising
background image

Black Box LR11xx Series Router Configurations Guide

36

Step 2: As in Step2 of Example 1

Step 3: As in Step3 of Example 1

Step 4: Configure dynamic IKE policy for a group of mobile users

Black Box1/configure> crypto

Black Box1/configure/crypto> dynamic

Black Box1/configure/crypto/dynamic> ike policy sales

Black Box1/configure/crypto/dynamic/ike/policy sales> local-address 172.16.0.1

Black Box1/configure/crypto/dynamic/ike/policy sales> remote-id email-id [email protected]

david

A new user david is added to the group sales. The default proposal created with priority1-des-sha1-pre_shared-g1 and the Key
String has to be configured by the user.

Black Box1/configure/crypto/dynamic/ike/policy sales> remote-id email-id [email protected]

New user mike is added to the group sales

Black Box1/configure/crypto/dynamic/ike/policy sales> key secretkeyforsalesusers

Black Box1/configure/crypto/dynamic/ike/policy sales> proposal 1

Black Box1/configure/crypto/dynamic/ike/policy sales/proposal 1> encryption-algorithm

3des-cbc

Black Box1/configure/crypto/dynamic/ike/policy sales/proposal 1> exit

Black Box1/configure/crypto/dynamic/ike/policy sales> client authentication radius pap

Black Box1/configure/crypto/dynamic/ike/policy sales> exit

Black Box1/configure/crypto/dynamic>

Step 5: Display dynamic IKE policies

Black Box1> show crypto dynamic ike policy all

Policy Remote-id Mode Transform Address-Pool

------ --------- ---- --------- ------------

sales U david@Blackbox... Aggressive P1 pre-g1-3des-sha1

Step 6: Display dynamic IKE policies in detail

Black Box1> show crypto dynamic ike policy all detail

Policy name sales, User group name sales

Aggressive mode, Response Only, PFS is not enabled, Shared Key is *****

Client authentication is Radius(PAP)

Local addr: 172.16.0.1, Local ident 172.16.0.1 (ip-address)

Remote idents are [email protected] (email-id), [email protected] (

email-id)

Proposal of priority 1

Encryption algorithm: 3des

Hash Algorithm: sha1

Authentication Mode: pre-shared-key

DH Group: group1

Lifetime in seconds: 86400

Lifetime in kilobytes: unlimited

Step 7: Configure dynamic IPSec policy for a group of mobile users

Advertising
This manual is related to the following products:

LR1112A-T1/E1, LR1114A-T1/E1, LR1104A-T1/E1

Popular Brands
Popular manuals