Router1# show crypto ipsec sa all, Policy dest ip spi bytes transform, Router1 – Foundry Networks AR3202-CL User Manual

Page 270: Router1# show crypto ipsec sa all detail, Crypto policy name: insales, Protocol is any, Peer address is 172.16.0.1, pfs group is disabled, Inbound esp sas, Spi: 0xbba97427, Transform: aes256 (key length=256 bits), sha1

Advertising
background image

Security Features

June 2004

© 2004 Foundry Networks, Inc.

15 - 45

Configuring GRE

Generic Routing Encapsulation (GRE) is a standards-based (RFC1701, RFC2784) tunneling protocol that can
encapsulate a wide variety of protocol packet types inside IP tunnels, creating a virtual point-to-point link between
routers at remote points over an IP network. A tunnel is a logical interface that provides a way to encapsulate
passenger packets inside a transport protocol. By connecting multiprotocol subnetworks in a single-protocol
backbone environment, IP tunneling using GRE allows network expansion across a single-protocol backbone
environment.

IPSec and GRE complement each other well, while IPSec provides a secure method of transporting data across
the internet GRE provides the capability to transport routing protocols (for example: OSPF) that use broadcast and
multicast.

Router1# show crypto ipsec sa all

Policy Dest IP Spi Bytes Transform

------ ------- --- ----- ---------

INsales 172.16.0.1 0xbba97427 840 esp-aes-sha1-tunl

sales 192.168.107.105 0xcb0e23f3 560 esp-aes-sha1-tunl

Router1#

Router1# show crypto ipsec sa all detail

Crypto Policy name: INsales

Protocol is Any

Local ident(ip/mask/port): (20.1.1.1/255.255.255.255/any)

Remote ident(ip/mask/port): (10.0.1.0/255.255.255.0/any)

Peer Address is 172.16.0.1, PFS Group is disabled

inbound ESP sas

Spi: 0xbba97427

Transform: aes256 (key length=256 bits), sha1

In use settings = {tunnel}

Bytes Processed 840

Hard lifetime in seconds 28750, Hard lifetime in kilobytes is

unlimited

Soft lifetime in seconds 0, Soft lifetime in kilobytes is

unlimited

Crypto Policy name: sales

Protocol is Any

Local ident(ip/mask/port): (10.0.1.0/255.255.255.0/any)

Remote ident(ip/mask/port): (20.1.1.1/255.255.255.255/any)

Peer Address is 192.168.107.105, PFS Group is disabled

outbound ESP sas

Spi: 0xcb0e23f3

Transform: aes256 (key length=256 bits), sha1

In use settings = {tunnel}

Bytes Processed 560

Hard lifetime in seconds 28750, Hard lifetime in kilobytes is

unlimited

Soft lifetime in seconds 28720, Soft lifetime in kilobytes is

unlimited

Advertising
This manual is related to the following products:

AR1208, AR3201-CL, AR3201, AR3202, AR1216, AR1204

Popular Brands
Popular manuals