Black Box LR1102A-T1/E1 User Manual

Black Box LR11xx Series Router Configurations Guide

38

Black Box1> show crypto dynamic ipsec policy all detail

Policy sales is enabled, User group name sales

Direction is outbound, Action is Apply

Key Management is Automatic

PFS Group is disabled

Match Address:

Protocol is Any

Source ip address (ip/mask/port): (10.0.1.0/255.255.255.0/any)

Destination ip address (ip/mask/port): (any/any/any)

Proposal of priority 1

Protocol: esp

Mode: tunnel

Encryption Algorithm: aes256(key length=256 bits)

Hash Algorithm: sha1

Lifetime in seconds: 3600

Lifetime in Kilobytes: 4608000

Policy INsales is enabled, User group name sales

Direction is inbound, Action is Apply

Key Management is Automatic

PFS Group is disabled

Match Address:

Protocol is Any

Source ip address (ip/mask/port): (any/any/any)

Destination ip address (ip/mask/port): (10.0.1.0/255.255.255.0/any)

Proposal of priority 1

Protocol: esp

Mode: tunnel

Encryption Algorithm: aes256(key length=256 bits)

Hash Algorithm: sha1

Lifetime in seconds: 3600

Lifetime in Kilobytes: 4608000

Step 10: Configure radius server (applicable only if client authentication is configured in dynamic IKE policy)

Black Box1/configure> aaa

Black Box1/configure/aaa> radius

Black Box1/configure/aaa/radius> primary_server 172.168.2.1

Primary Radius server configured.

Black Box1/configure/aaa/radius> secondary_server 192.168.2.1

Secondary Radius server configured.

Black Box1/configure/aaa/radius> exit

Black Box1/configure/aaa> exit

Step 11: Configure firewall policies to allow IKE negotiation through untrusted interface (applicable only if firewall license is also

enabled)