Router1# show crypto ipsec policy all detail, Peer address is 172.16.0.2, action is apply, Key management is automatic – Foundry Networks AR3202-CL User Manual

Page 248: Pfs group is disabled, Match address, Protocol is any, Proposal of priority 1, Protocol: esp, Mode: tunnel, Encryption algorithm: des


Security Features

June 2004

© 2004 Foundry Networks, Inc.

15 - 23

Router1# show crypto ipsec policy all detail
Policy name Router2 is enabled, Direction is outbound
  Peer Address is 172.16.0.2, Action is Apply
  Key Management is Automatic
  PFS Group is disabled
  Match Address:
    Protocol is Any
    Source ip address (ip/mask/port): (10.0.1.0/255.255.255.0/any)
    Destination ip address (ip/mask/port): (10.0.2.0/255.255.255.0/any)
  Proposal of priority 1
    Protocol: esp
    Mode: tunnel
    Encryption Algorithm: des
    Hash Algorithm: sha1
    Lifetime in seconds: 3600
    Lifetime in Kilobytes: 4608000
  Proposal of priority 2
    Protocol: esp
    Mode: tunnel
    Encryption Algorithm: aes256(key length=256 bits)
    Hash Algorithm: sha1
    Lifetime in seconds: 3600
    Lifetime in Kilobytes: 4608000
Policy name INRouter2 is enabled, Direction is inbound
  Peer Address is 172.16.0.2, Action is Apply
  Key Management is Automatic
  PFS Group is disabled
  Match Address:
    Protocol is Any
    Source ip address (ip/mask/port): (10.0.2.0/255.255.255.0/any)

Step 10: Configure firewall policies to allow IKE negotiation through untrusted interface (applicable only if firewall license is also enabled):

Router1/configure# firewall internet
Router1/configure/firewall internet# policy 1000 in service ike self
Router1/configure/firewall internet/policy 1000 in# exit
Router1/configure/firewall internet# exit
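
Added example, not part of the Foundry manual: a Python audit helper that parses the show crypto ipsec policy all detail output above and reports the settings in it that a reviewer would question, namely the single-DES proposal at priority 1 and the disabled PFS group. The function names, the WEAK_CIPHERS list and the abridged sample text are assumptions constructed for this illustration.

```python
import re

# Constructed sample, abridged from the output above; the inbound policy is cut short as on the page.
SAMPLE = """\
Policy name Router2 is enabled, Direction is outbound
PFS Group is disabled
Proposal of priority 1
Encryption Algorithm: des
Hash Algorithm: sha1
Proposal of priority 2
Encryption Algorithm: aes256(key length=256 bits)
Policy name INRouter2 is enabled, Direction is inbound
PFS Group is disabled
"""

WEAK_CIPHERS = {"des"}  # assumption: local audit policy, extend as needed

def parse_policies(text):
    """Parse the show output into a list of policy dicts with their proposals."""
    policies = []
    for line in map(str.strip, text.splitlines()):
        if m := re.match(r"Policy name (\S+) is \w+, Direction is (\w+)", line):
            policies.append({"name": m[1], "direction": m[2], "pfs": None, "proposals": []})
        elif not policies:
            continue  # prompt or blank lines before the first policy
        elif m := re.match(r"PFS Group is (\S+)", line):
            policies[-1]["pfs"] = m[1]
        elif m := re.match(r"Proposal of priority (\d+)", line):
            policies[-1]["proposals"].append({"priority": int(m[1])})
        elif (m := re.match(r"(Encryption|Hash) Algorithm: (\w+)", line)) and policies[-1]["proposals"]:
            policies[-1]["proposals"][-1][m[1].lower()] = m[2]
    return policies

def audit(text):
    """Return (policy, finding) tuples for settings worth a second look."""
    findings = []
    for p in parse_policies(text):
        if p["pfs"] == "disabled":
            findings.append((p["name"], "PFS disabled"))
        if not p["proposals"]:
            findings.append((p["name"], "no proposals parsed (truncated capture?)"))
        for prop in p["proposals"]:
            if prop.get("encryption") in WEAK_CIPHERS:
                findings.append((p["name"], f"priority {prop['priority']} proposal uses {prop['encryption']}"))
    return findings

if __name__ == "__main__":
    for name, finding in audit(SAMPLE):
        print(f"{name}: {finding}")
```

Because the DES proposal holds priority 1, it is the first transform offered; the AES-256 proposal at priority 2 only comes into play if the first is not accepted.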
