Black Box LR1114A-T1/E1 Network Router User Manual


 
Black Box LR11xx Series Router Configurations Guide
Black Box1> show firewall policy corp
Advanced: S - Self Traffic, F - Ftp-Filter, H - Http-Filter,
R - Rpc-Filter, N - Nat-Ip/Nat-Pool, L - Logging,
E - Policy Enabled, M - Smtp-Filter
Pri  Dir Source Addr Destination Addr Sport Dport Proto Action Advanced
---- --- ----------- ---------------- ----- ----- ----- ------ --------
1000 in  any         10.0.1.0/24      any   any   any   PERMIT E
1022 out any         any              any   any   any   PERMIT SE
1023 in  any         any              any   any   any   PERMIT SE
1024 out any         any              any   any   any   PERMIT E
Step 16: Display firewall policies in the corp map in detail (applicable only if firewall license is enabled)
4.1 Example 5: IPSec remote access to corporate LAN using mode configuration method
The following example demonstrates how to configure a Black Box router as an IPSec VPN server using the
mode-configuration method. The client can be any standard IPSec VPN client that supports mode configuration.
In this example, the client needs to access the corporate private network 10.0.1.0/24 through the VPN tunnel. The server has a
pool of IP addresses from 20.1.1.100 through 20.1.1.150 to allocate to mode-configuration-enabled VPN clients. The VPN client
uses its assigned IP address as the source address in the inner IP header. The outer IP header carries the dynamic IP address
assigned by the Internet Service Provider as the source address. The security requirements are as follows:
Phase 1: 3DES with SHA1, Mode Configuration
Phase 2: IPSec ESP tunnel with AES256 and HMAC-SHA1
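The addressing described above can be checked on decapsulated traffic. The following is an added example, not taken from the manual or from the router's software: it parses an inner IPv4 header and verifies that the source lies in the 20.1.1.100 to 20.1.1.150 pool and the destination in 10.0.1.0/24. The function names, the sample packets and the drop-on-mismatch policy are assumptions made for illustration.

```python
import ipaddress
import struct

# Values from the example: mode-config pool and the protected corporate LAN.
POOL_FIRST = ipaddress.IPv4Address("20.1.1.100")
POOL_LAST = ipaddress.IPv4Address("20.1.1.150")
CORP_LAN = ipaddress.ip_network("10.0.1.0/24")


def pool_cidrs():
    """The pool is not CIDR-aligned; list the prefixes that cover it exactly."""
    return [str(n) for n in ipaddress.summarize_address_range(POOL_FIRST, POOL_LAST)]


def build_ipv4_header(src, dst, proto=6, payload_len=0):
    """Constructed test input: a minimal 20-byte IPv4 header (checksum left 0)."""
    return struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
        ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed,
    )


def check_inner_packet(inner):
    """Classify a decapsulated (inner) IPv4 packet against the example's addressing.

    Assumed policy (hypothetical, for illustration): the inner source must be an
    address from the mode-config pool and the destination must be in the LAN.
    """
    if len(inner) < 20 or inner[0] >> 4 != 4:
        return "drop: not an IPv4 packet"
    ihl = (inner[0] & 0x0F) * 4  # header length in bytes
    if ihl < 20 or len(inner) < ihl:
        return "drop: bad header length"
    src = ipaddress.IPv4Address(inner[12:16])
    dst = ipaddress.IPv4Address(inner[16:20])
    if not POOL_FIRST <= src <= POOL_LAST:
        return f"drop: inner source {src} outside mode-config pool"
    if dst not in CORP_LAN:
        return f"drop: inner destination {dst} outside {CORP_LAN}"
    return f"accept: {src} -> {dst}"


if __name__ == "__main__":
    print(pool_cidrs())
    for s, d in [("20.1.1.120", "10.0.1.25"), ("20.1.1.99", "10.0.1.25"),
                 ("20.1.1.150", "10.0.2.5")]:
        print(check_inner_packet(build_ipv4_header(s, d)))
```

Because the pool does not fall on a prefix boundary, `pool_cidrs()` returns seven prefixes; any address filter written for the VPN clients has to cover all of them.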