Router1# show crypto ipsec sa all detail, Crypto policy name: inrouter2, Protocol is any – Foundry Networks AR3202-CL User Manual

Page 235


Foundry AR-Series Router User Guide

15 - 10

© 2004 Foundry Networks, Inc.

June 2004

Example 2: Joining Two Private Networks with an IP Security Tunnel

The following example demonstrates how to form an IP security tunnel to join two private networks: 10.0.1.0/24 and 10.0.2.0/24. The security requirements are as follows:

Phase 1: 3DES with SHA1

Phase 2: IPSec ESP with AES (256-bit) and HMAC-SHA1

Router1# show crypto ipsec sa all detail
Crypto Policy name: INRouter2
Protocol is Any
Local ident(ip/mask/port): (10.0.2.0/255.255.255.0/any)
Remote ident(ip/mask/port): (172.16.0.1/255.255.255.255/any)
Peer Address is 172.16.0.1, PFS Group is disabled
inbound ESP sas
Spi: 0xe8453c2b
Transform: aes128 (key length=128 bits), sha1
In use settings = {tunnel}
Bytes Processed 256
Hard lifetime in seconds 3290, Hard lifetime in kilobytes 413696
Soft lifetime in seconds 0, Soft lifetime in kilobytes is unlimited

Crypto Policy name: Router2
Protocol is Any
Local ident(ip/mask/port): (172.16.0.1/255.255.255.255/any)
Remote ident(ip/mask/port): (10.0.2.0/255.255.255.0/any)
Peer Address is 172.16.0.2, PFS Group is disabled
outbound ESP sas
Spi: 0xa1f673aa
Transform: aes128 (key length=128 bits), sha1
