Step 8: Configure IPSec Tunnel to the Remote Host; Step 9: Display the IPSec Policies; Step 10: Configure Firewall Policies to Allow IKE Negotiation Through Untrusted Interface - Avaya 1000 Series Configuration Manual


Step 8: Configure IPSec tunnel to the remote host

Networks1/configure/crypto> ipsec policy Networks2 172.16.0.2
Networks1/configure/crypto/ipsec/policy Networks2 172.16.0.2> match address 10.0.1.0 24 10.0.2.0 24
message:Default proposal created with priority1-esp-3des-sha1-tunnel and activated.
Networks1/configure/crypto/ipsec/policy Networks2 172.16.0.2> proposal 1
Networks1/configure/crypto/ipsec/policy Networks2 172.16.0.2/proposal 1> encryption-algorithm aes256-cbc
Networks1/configure/crypto/ipsec/policy Networks2 172.16.0.2/proposal 1> exit
Networks1/configure/crypto/ipsec/policy Networks2 172.16.0.2> exit

Note:
For IPSec only – when you create an outbound tunnel, an inbound tunnel is automatically
created. The inbound tunnel applies the name that you provide for the outbound tunnel and
adds the prefix IN to the name.

Step 9: Display the IPSec policies

Networks1> show crypto ipsec policy all
Networks1> show crypto ipsec policy all detail

Step 10: Configure firewall policies to allow IKE negotiation through untrusted interface

Networks1/configure> firewall internet
Networks1/configure/firewall internet> policy 1000 in service ike self
Networks1/configure/firewall internet/policy 1000 in> exit
Networks1/configure/firewall internet> exit
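
Added example, not part of the Avaya guide: a Python check over a saved CLI session (one command per line) that reports any IPSec policy whose proposal 1 still has the default 3DES encryption announced by the router message in Step 8, and confirms that the Step 10 firewall rule for IKE is present. The function name audit, the second policy Networks3 and its peer 172.16.0.3 are constructed for illustration; only the encryption algorithm is checked, since that is the setting the steps above change.

```python
import re

# Constructed sample: the Step 8-10 commands from this page, one per line, plus
# a hypothetical second policy (Networks3 / 172.16.0.3) left at the default.
SESSION = """\
Networks1/configure/crypto> ipsec policy Networks2 172.16.0.2
Networks1/configure/crypto/ipsec/policy Networks2 172.16.0.2> match address 10.0.1.0 24 10.0.2.0 24
Networks1/configure/crypto/ipsec/policy Networks2 172.16.0.2> proposal 1
Networks1/configure/crypto/ipsec/policy Networks2 172.16.0.2/proposal 1> encryption-algorithm aes256-cbc
Networks1/configure/crypto> ipsec policy Networks3 172.16.0.3
Networks1/configure/crypto/ipsec/policy Networks3 172.16.0.3> match address 10.0.1.0 24 10.0.3.0 24
Networks1/configure> firewall internet
Networks1/configure/firewall internet> policy 1000 in service ike self
"""

# Matches the policy context in a prompt; group 3 is the proposal number, if any.
POLICY = re.compile(r"ipsec/policy (\S+) (\S+?)(?:/proposal (\d+))?$")

def audit(session):
    """Return (encryption per policy, IKE-allowed flag, list of findings)."""
    enc, ike_allowed = {}, False
    for line in session.splitlines():
        prompt, sep, cmd = line.partition("> ")
        if not sep:
            continue  # router messages and blank lines carry no command
        words = cmd.split()
        m = POLICY.search(prompt)
        if m and words[:2] == ["match", "address"]:
            # Per the router message in Step 8, the default proposal uses 3des.
            enc.setdefault(m.group(1), "3des")
        elif m and m.group(3) == "1" and len(words) == 2 \
                and words[0] == "encryption-algorithm":
            enc[m.group(1)] = words[1]
        elif prompt.endswith("/firewall internet") and words[:1] == ["policy"]:
            ike_allowed |= words[2:] == ["in", "service", "ike", "self"]
    findings = [f"{name}: proposal 1 still uses 3des"
                for name, alg in enc.items() if alg == "3des"]
    if not ike_allowed:
        findings.append("firewall internet: no inbound policy allows IKE to self")
    return enc, ike_allowed, findings

if __name__ == "__main__":
    for finding in audit(SESSION)[2]:
        print(finding)
```
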
Avaya Secure Router 1000 Series Configuration Guide
Example 3: Joining Two Networks with an IPSec Tunnel using Multiple IPSec Proposals
December 2010
151
