Foundry/ configure# ip route 40.1.1.0 24 t0, Foundry/ configure > firewall internet, Foundry configure# firewall corp – Foundry Networks AR3202-CL User Manual

Security Features

June 2004

© 2004 Foundry Networks, Inc.

15 - 49

3.

Configure the routes:

4.

Define the policy:

5.

Check the status of the tunnel by entering:

Foundry# show ip interface tunnel t0

Step 6:Validate the tunnel configuration by entering:

Foundry# show crypto ipsec policy all

Or enter:

Foundry# show crypto ike policy all

With the tunnel properly configured and working, users on one side of the tunnel can ping users on the other side.

Configuring GRE Site to Site with IPSec and OSPF

This example extends the previous IPSec configuration example by enabling Open Shortest Path First (OSPF)
protocol which provides redundant paths for the tunnel.

1.

To enable OSPF, add to the Foundry configuration above:

2.

Add to the Cisco configuration above:

3.

To verify the OSPF configuration, enter:

Foundry# show ip ospf interface all

Foundry/ configure# ip route 0.0.0.0 0.0.0.0 192.168.94.254

Foundry/ configure# ip route 40.1.1.0 24 t0

Foundry/ configure > firewall internet

Foundry/configure/firewall internet# policy 100 in proto gre self

Foundry/configure/firewall internet/policy 100 in# exit

Foundry/configure/firewall internet# policy 101 in service ike self

Foundry/configure/firewall internet/policy 101 in# exit 2

Foundry configure# firewall corp

Foundry/configure/firewall corp# policy 100 in self

Foundry# configure terminal

Foundry/configure# router routerid 2.2.2.2

Foundry/configure# router ospf

Foundry/configure/router/ospf# interface t0 area 0

Foundry/configure/router/ospf# exit

cisco > config t

cisco(config)#router ospf 1

cisco(config-router)# network 103.1.1.0 0.0.0.255 area 0