Black Box LR1102A-T1/E1 User Manual
Page 89
IPSec Remote Access User
91
Figure 28 User Group Remote Access Configuration
To create the user group configuration enter:
Blackbox>configure term
Blackbox/configure>interface bundle wan
Blackbox/configure/interface/bundle wan>link t1 1-2
Blackbox/configure/interface/bundle wan>ip address 172.16.0.1 32
1
Blackbox/configure/interface/bundle wan>crypto internet
To configure the IKE policy for negotiating with the remote VPN client needing access (note that the IKE and IPSec policies
for management (self) tunnel need to be defined in the “Self” map):
Blackbox/configure>crypto Self
Blackbox/configure/crypto>dynamic
Blackbox/configure/crypto/dynamic>ike policy admin user-group
Blackbox/configure/crypto/dynamic/ike/policy admin>local-address 172.16.0.1
Blackbox/configure/crypto/dynamic/ike/policy admin>remote-id email-id sampledata Black
Boxuser
Blackbox/configure/crypto/dynamic/ike/policy admin>key pskforadminuser
Blackbox/configure/crypto/dynamic/ike/policy admin>proposal 1
Blackbox/configure/crypto/dynamic/ike/policy admin/proposal 1>encryption-algorithm
3des-cbc
Blackbox/configure/crypto/dynamic/ike/policy admin/proposal 1>client authentication
radius
To configure the IPSec policy for negotiating with VPN client needing access to the security gateway.
Blackbox/configure/crypto/dynamic>ipsec policy admin user-group
Blackbox/configure/crypto/dynamic/ipsec/policy admin>match address 172.16.0.1 32
Blackbox/configure/crypto/dynamic/ipsec/policy admin> proposal 1
Blackbox/configure/crypto/dynamic/ipsec/policy admin/proposal 1>encryption-algorithm
aes128-cbc
1.
error message saying Bundle is not yet encapped.
Tasman #1
VPN Server
172.16.0.1
IPSEC TUNNEL
VPN Client 2
Local Outer Address:
Dynamic
Local ID:
admin@tasmannetworks
.com
Black Box
blackbox.com