Filter
Top Products
Example 4: IPSec remote access
35
Black Box1/configure/crypto/ipsec/policy Black Box2 172.16.0.2/proposal 2>
encryption_algorithm aes256-cbc
Black Box1/configure/crypto/ipsec/policy Black Box2 172.16.0.2/proposal 2> exit
Black Box1/configure/crypto/ipsec/policy Black Box2 172.16.0.2> exit
Black Box1/configure/crypto> exit
Black Box1/configure>
Step 8: Display the IPSec policies
Use the show crypto ipsec policy all command.
Step 9: Repeat steps 1 - 8 with suitable modifications on Black Box2 prior to passing bi-directional traffic.
Step 10: Test the IPSec tunnel between Black Box1 and Black Box2 by passing traffic from the 10.0.1.0 network to the
10.0.2.0 network
Step 11: After traffic is passed through the tunnel, display the IKE and IPSec SA tables.
Use the show crypto ike sa all and show crypto ipsec sa all commands.
4.5 Example 4: IPSec remote access to corporate LAN
using user group method
The following example demonstrates how to configure a Black Box router to be an IPSec VPN server using user group
method with extended authentication (XAUTH) for remote VPN clients. The client could be any standard IPSec VPN client.
In this example, the client needs to access the corporate private network 10.0.1.0/24 through the VPN tunnel. The security
requirements are as follows:
Phase 1: 3DES with SHA1, Xauth (Radius PAP)
Phase 2: IPSec ESP tunnel with AES256 and HMAC-SHA1
Step 1: As in Step1 of Example 1
Tasman #1
VPN Server
172.16.0.1
Corporate
Headquarters
10.0.1.0/24
I
P
S
E
C
T
U
N
N
E
L
VPN Client 1
Local Address: Dynamic
Local ID:
david@tasmannetworks
.
com
I
P
S
E
C
T
U
N
N
E
L
VPN Client 2
Local Address: Dynamic
Local ID:
mike@tasmannetworks.
com
blackbox.com
blackbox.com
blackbox 1