Black Box LR1114A-T1/E1 Network Router User Manual


  Open as PDF
of 142
 
Black Box LR11xx Series Router Configurations Guide
36
Step 2: As in Step2 of Example 1
Step 3: As in Step3 of Example 1
Step 4: Configure dynamic IKE policy for a group of mobile users
Black Box1/configure> crypto
Black Box1/configure/crypto> dynamic
Black Box1/configure/crypto/dynamic> ike policy sales
Black Box1/configure/crypto/dynamic/ike/policy sales> local-address 172.16.0.1
Black Box1/configure/crypto/dynamic/ike/policy sales> remote-id email-id david@BlackBox.com
david
A new user david is added to the group sales. The default proposal created with priority1-des-sha1-pre_shared-g1 and the Key
String has to be configured by the user.
Black Box1/configure/crypto/dynamic/ike/policy sales> remote-id email-id mike@BlackBox.com
New user mike is added to the group sales
Black Box1/configure/crypto/dynamic/ike/policy sales> key secretkeyforsalesusers
Black Box1/configure/crypto/dynamic/ike/policy sales> proposal 1
Black Box1/configure/crypto/dynamic/ike/policy sales/proposal 1> encryption-algorithm
3des-cbc
Black Box1/configure/crypto/dynamic/ike/policy sales/proposal 1> exit
Black Box1/configure/crypto/dynamic/ike/policy sales> client authentication radius pap
Black Box1/configure/crypto/dynamic/ike/policy sales> exit
Black Box1/configure/crypto/dynamic>
Step 5: Display dynamic IKE policies
Black Box1> show crypto dynamic ike policy all
Policy Remote-id Mode Transform Address-Pool
------ --------- ---- --------- ------------
sales U david@Blackbox... Aggressive P1 pre-g1-3des-sha1
Step 6: Display dynamic IKE policies in detail
Black Box1> show crypto dynamic ike policy all detail
Policy name sales, User group name sales
Aggressive mode, Response Only, PFS is not enabled, Shared Key is *****
Client authentication is Radius(PAP)
Local addr: 172.16.0.1, Local ident 172.16.0.1 (ip-address)
Remote idents are david@Blackbox.com (email-id), mike@Blackbox.com (
email-id)
Proposal of priority 1
Encryption algorithm: 3des
Hash Algorithm: sha1
Authentication Mode: pre-shared-key
DH Group: group1
Lifetime in seconds: 86400
Lifetime in kilobytes: unlimited
Step 7: Configure dynamic IPSec policy for a group of mobile users
 previous next