Black Box LR1102A-T1/E1 User Manual

Example 5: IPSec remote access

Black Box1> show crypto dynamic ipsec policy all detail

Policy sales is enabled, Modeconfig Group

Action is Apply

Key Management is Automatic

PFS Group is disabled

Match Address:

Protocol is Any

Source ip address (ip/mask/port): (10.0.1.0/255.255.255.0/any)

Destination ip address (ip/mask/port): (any/any/any)

Proposal of priority 1

Protocol: esp

Mode: Tunnel

Encryption Algorithm: aes256(key length=256 bits)

Hash Algorithm: sha1

Lifetime in seconds: 3600

Lifetime in Kilobytes: 4608000
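
Added example, not part of the Black Box manual: a Python script that parses `show crypto dynamic ipsec policy all detail` output like the listing above and reports the settings a configuration review would query, here the disabled PFS group and the sha1 hash. The function names, the flagged-hash set and the finding labels are assumptions made for illustration.

```python
import re

# Sample input: abridged copy of the policy output shown above.
SAMPLE = """\
Policy sales is enabled, Modeconfig Group
PFS Group is disabled
Match Address:
Source ip address (ip/mask/port): (10.0.1.0/255.255.255.0/any)
Destination ip address (ip/mask/port): (any/any/any)
Proposal of priority 1
Protocol: esp
Encryption Algorithm: aes256(key length=256 bits)
Hash Algorithm: sha1
Lifetime in seconds: 3600
"""

# Assumed review baseline (a site policy choice, not stated in the manual).
FLAGGED_HASHES = {"md5", "sha1"}  # the "md5" spelling is an assumption

def parse_policies(text):
    """Return one dict per policy, each with its PFS state and list of proposals."""
    policies, prop = [], None
    for line in map(str.strip, text.splitlines()):
        m = re.match(r"Policy (\S+) is (enabled|disabled)", line)
        if m:
            policies.append({"name": m[1], "enabled": m[2] == "enabled", "proposals": []})
            prop = None  # a new policy starts with no open proposal
        elif not policies:
            continue  # ignore anything before the first policy header
        elif line.startswith("PFS Group is "):
            policies[-1]["pfs"] = line.split()[-1]
        elif line.startswith("Proposal of priority "):
            prop = {"priority": int(line.split()[-1])}
            policies[-1]["proposals"].append(prop)
        elif prop is not None and ":" in line:
            # "Key: value" lines after a proposal header belong to that proposal
            key, _, val = line.partition(":")
            prop[key.strip().lower()] = val.strip()
    return policies

def audit(policies):
    """Return (policy, finding) pairs for settings outside the assumed baseline."""
    findings = []
    for p in policies:
        if p.get("pfs") == "disabled":
            findings.append((p["name"], "pfs-disabled"))
        for pr in p["proposals"]:
            if pr.get("hash algorithm") in FLAGGED_HASHES:
                findings.append((p["name"], f"proposal-{pr['priority']}-hash-{pr['hash algorithm']}"))
    return findings
```

Run against saved CLI output, `audit(parse_policies(text))` returns an empty list when no policy trips the baseline.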

Step 10: Configure firewall policies to allow IKE negotiation through the untrusted interface (applicable only if firewall license is also enabled)

Black Box1/configure> firewall internet

Black Box1/configure/firewall internet> policy 1000 in service ike self

Black Box1/configure/firewall internet/policy 1000 in> exit

Black Box1/configure/firewall internet> exit

Step 11: Display firewall policies in the internet map (applicable only if firewall license is enabled)

Black Box1> show firewall policy internet

Advanced: S - Self Traffic, F - Ftp-Filter, H - Http-Filter,

R - Rpc-Filter, N - Nat-Ip/Nat-Pool, L - Logging,

E - Policy Enabled, M - Smtp-Filter

Pri Dir Source Addr Destination Addr Sport Dport Proto Action Advanced

--- --- ----------- ---------------- ----------------- ------ --------

1000 in any any ike PERMIT SE

1024 out any any any any any PERMIT SE

Step 12: Display firewall policies in the internet map in detail (applicable only if firewall license is enabled)
