Black Box LR1102A-T1/E1 User Manual

Black Box1/configure/crypto/ipsec/policy Black Box2 172.16.0.2/proposal 2> encryption_algorithm aes256-cbc
Black Box1/configure/crypto/ipsec/policy Black Box2 172.16.0.2/proposal 2> exit
Black Box1/configure/crypto/ipsec/policy Black Box2 172.16.0.2> exit
Black Box1/configure/crypto> exit
Black Box1/configure>

Step 8: Display the IPSec policies. Use the show crypto ipsec policy all command.

Step 9: Repeat Steps 1 - 8, with suitable modifications, on Black Box2 before passing bi-directional traffic.

Step 10: Test the IPSec tunnel between Black Box1 and Black Box2 by passing traffic from the 10.0.1.0 network to the 10.0.2.0 network.

Step 11: After traffic has passed through the tunnel, display the IKE and IPSec SA tables. Use the show crypto ike sa all and show crypto ipsec sa all commands. The IKE (Phase 1) SA must exist before any IPSec (Phase 2) SA can: an IKE SA with no IPSec SA under it points at a Phase 2 mismatch (proposal or protected networks), while no IKE SA at all points at a Phase 1 problem (peer address, pre-shared key or proposal).

4.5 Example 4: IPSec remote access to corporate LAN using user group method

The following example demonstrates how to configure a Black Box router as an IPSec VPN server using the user group method with extended authentication (XAUTH) for remote VPN clients. The client can be any standard IPSec VPN client.

In this example the clients need to access the corporate private network 10.0.1.0/24 through the VPN tunnel. The security requirements are as follows:

Phase 1: 3DES with SHA1, XAUTH (RADIUS PAP)

Phase 2: IPSec ESP tunnel with AES256 and HMAC-SHA1

Note that 3DES is a legacy cipher by current standards, and that with RADIUS PAP the user's password is protected only by the IKE Phase 1 channel between client and router and by the RADIUS shared secret between router and RADIUS server; prefer stronger settings where the clients and the RADIUS server support them. The configuration steps are the same either way.

Step 1: As in Step 1 of Example 1

[Figure: Example 4 topology. Tasman #1 (VPN Server, 172.16.0.1) fronts the Corporate Headquarters network 10.0.1.0/24. VPN Client 1 (Local Address: Dynamic, Local ID: david@tasmannetworks.com) and VPN Client 2 (Local Address: Dynamic, Local ID: mike@tasmannetworks.com) each reach it over an IPSEC TUNNEL. The figure also carries the labels blackbox.com and blackbox 1.]
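The following is an added example, not code from the manual or from the Black Box router: a small Python model of what Steps 8-11 above verify for the site-to-site tunnel (which policy a packet matches, which ESP proposal the two ends agree on) and of what changes in Example 4, where a client's address is dynamic and its policy entry can only be installed once the client has authenticated. The policy names and subnets come from the examples; the client address 192.0.2.10, the first-acceptable-proposal rule for negotiation, the handling of a 0.0.0.0/0 client template and the LEGACY set are assumptions of this example, and the router's CLI and SA tables are not modelled.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Sequence, Tuple

# Constructed model (not the router's code): an ordered IPsec security policy
# database (SPD) plus Phase 2 proposal selection.


@dataclass(frozen=True)
class Proposal:
    encryption: str   # ESP cipher, e.g. "aes256-cbc"
    integrity: str    # ESP integrity algorithm, e.g. "hmac-sha1"


@dataclass(frozen=True)
class IpsecPolicy:
    name: str
    peer: Optional[str]              # static peer address; None for a dynamic remote-access peer
    local_net: str                   # protected local subnet, e.g. "10.0.1.0/24"
    remote_net: str                  # protected remote subnet; "0.0.0.0/0" in a client template
    proposals: Tuple[Proposal, ...]  # in order of local preference


# Assumption of this example: algorithms a reviewer would flag as legacy today.
LEGACY = {"des-cbc", "3des-cbc", "hmac-md5"}


def lookup_policy(spd, src_ip, dst_ip):
    """Outbound SPD lookup: first policy whose selectors cover (src, dst), else None (sent in the clear)."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for pol in spd:  # the SPD is ordered: first match wins
        if src in ipaddress.ip_network(pol.local_net) and dst in ipaddress.ip_network(pol.remote_net):
            return pol
    return None


def negotiate(initiator: Sequence[Proposal], responder: Sequence[Proposal]) -> Optional[Proposal]:
    """Phase 2 selection (assumed rule): the responder accepts the first initiator
    proposal that it also has configured, or refuses if there is none."""
    for p in initiator:
        if p in responder:
            return p
    return None


def weak_algorithms(p: Proposal):
    """Algorithms in a proposal that fall in the LEGACY set, for review output."""
    return sorted(a for a in (p.encryption, p.integrity) if a in LEGACY)


def install_client_policy(spd, template, client_ip):
    """Remote access (Example 4): the client's address is dynamic, so the server
    narrows the template's remote selector to the authenticated client's /32 and
    inserts that entry at the front of the SPD. The template itself is never an
    SPD entry, so traffic to unauthenticated addresses matches nothing."""
    narrowed = IpsecPolicy(f"{template.name}:{client_ip}", client_ip, template.local_net,
                           f"{client_ip}/32", template.proposals)
    return (narrowed,) + tuple(spd)


# Black Box1's policy from the site-to-site example (Steps 1-8).
AES_SHA1 = Proposal("aes256-cbc", "hmac-sha1")
SITE_TO_SITE = IpsecPolicy("Black Box2", "172.16.0.2", "10.0.1.0/24", "10.0.2.0/24", (AES_SHA1,))

# Example 4's template: any authenticated client may reach 10.0.1.0/24.
CLIENT_TEMPLATE = IpsecPolicy("vpn-clients", None, "10.0.1.0/24", "0.0.0.0/0", (AES_SHA1,))


def demo():
    """Returns (policy for Step 10 traffic, policy for uncovered traffic, policy for a client reply)."""
    spd = (SITE_TO_SITE,)
    a = lookup_policy(spd, "10.0.1.5", "10.0.2.9")    # Step 10 traffic: tunneled to Black Box2
    b = lookup_policy(spd, "10.0.1.5", "10.0.3.9")    # no policy covers it: bypass
    spd = install_client_policy(spd, CLIENT_TEMPLATE, "192.0.2.10")  # constructed client address
    c = lookup_policy(spd, "10.0.1.5", "192.0.2.10")  # reply to the authenticated client
    return (a.name if a else None, b, c.name if c else None)


if __name__ == "__main__":
    print(demo())
    print(negotiate((Proposal("3des-cbc", "hmac-sha1"), AES_SHA1), (AES_SHA1,)))
    print(weak_algorithms(Proposal("3des-cbc", "hmac-md5")))
```

The point of the ordered SPD and of narrowing the client template is the same one Step 10 tests in the site-to-site case: only traffic that matches an installed policy is protected, and a too-broad selector installed too early would either tunnel traffic nowhere or send it in the clear.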
