Step 8: Configure IPSec tunnel to the remote host
Networks1/configure/crypto> ipsec policy Networks2 172.16.0.2
Networks1/configure/crypto/ipsec/policy Networks2 172.16.0.2> match address 10.0.1.0 24 10.0.2.0 24
message:Default proposal created with priority1-esp-3des-sha1-tunnel and activated.
Networks1/configure/crypto/ipsec/policy Networks2 172.16.0.2> proposal 1
Networks1/configure/crypto/ipsec/policy Networks2 172.16.0.2/proposal 1> encryption-algorithm aes256-cbc
Networks1/configure/crypto/ipsec/policy Networks2 172.16.0.2/proposal 1> exit
Networks1/configure/crypto/ipsec/policy Networks2 172.16.0.2> exit
Note:
For IPSec only – when you create an outbound tunnel, an inbound tunnel is automatically
created. The inbound tunnel applies the name that you provide for the outbound tunnel and
adds the prefix IN to the name.
Step 9: Display the IPSec policies
Networks1> show crypto ipsec policy all
Networks1> show crypto ipsec policy all detail
Step 10: Configure firewall policies to allow IKE negotiation through untrusted interface
Networks1/configure> firewall internet
Networks1/configure/firewall internet> policy 1000 in service ike self
Networks1/configure/firewall internet/policy 1000 in> exit
Networks1/configure/firewall internet> exit
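Added example (not part of the Avaya guide): a Python check that reads a saved CLI session in the format shown in Step 8 and reports any IPSec policy whose proposal is still on the 3DES default announced by the "Default proposal created" message. The policy "Branch3", its addresses, and the rule that cipher names beginning with 3des, des or null count as weak are assumptions made for illustration.

```python
import re

# Constructed sample: the Step 8 commands from this page (policy Networks2),
# plus a hypothetical policy "Branch3" that is left on the default proposal.
SESSION = """\
Networks1/configure/crypto> ipsec policy Networks2 172.16.0.2
Networks1/configure/crypto/ipsec/policy Networks2 172.16.0.2> match address 10.0.1.0 24 10.0.2.0 24
message:Default proposal created with priority1-esp-3des-sha1-tunnel and activated.
Networks1/configure/crypto/ipsec/policy Networks2 172.16.0.2> proposal 1
Networks1/configure/crypto/ipsec/policy Networks2 172.16.0.2/proposal 1> encryption-algorithm aes256-cbc
Networks1/configure/crypto/ipsec/policy Networks2 172.16.0.2/proposal 1> exit
Networks1/configure/crypto/ipsec/policy Networks2 172.16.0.2> exit
Networks1/configure/crypto> ipsec policy Branch3 172.16.0.3
Networks1/configure/crypto/ipsec/policy Branch3 172.16.0.3> match address 10.0.1.0 24 10.0.3.0 24
message:Default proposal created with priority1-esp-3des-sha1-tunnel and activated.
Networks1/configure/crypto/ipsec/policy Branch3 172.16.0.3> exit
"""

POLICY = re.compile(r"> ipsec policy (\S+) (\S+)$")
DEFAULT = re.compile(r"^message:Default proposal created with priority(\d+)-esp-([0-9a-z]+)-")
OVERRIDE = re.compile(r"/proposal (\d+)> encryption-algorithm (\S+)$")
WEAK_PREFIXES = ("3des", "des", "null")  # assumption: names treated as weak

def effective_ciphers(session):
    """Return {policy name: {proposal number: encryption algorithm}}."""
    policies, current = {}, None
    for line in session.splitlines():
        if m := POLICY.search(line):
            current = policies.setdefault(m.group(1), {})
        elif (m := DEFAULT.match(line)) and current is not None:
            # Assumption: "priority1" in the message is the "proposal 1" edited next.
            current[int(m.group(1))] = m.group(2)
        elif (m := OVERRIDE.search(line)) and current is not None:
            current[int(m.group(1))] = m.group(2)  # explicit setting replaces the default
    return policies

def weak_policies(session):
    """List (policy, proposal, cipher) for proposals still on a weak cipher."""
    return [(name, number, cipher)
            for name, proposals in effective_ciphers(session).items()
            for number, cipher in sorted(proposals.items())
            if cipher.startswith(WEAK_PREFIXES)]

if __name__ == "__main__":
    for name, number, cipher in weak_policies(SESSION):
        print(f"policy {name}: proposal {number} still uses {cipher}")
```

The check reads only the commands as typed; the output of the show commands in Step 9 remains the authoritative view of what the router applied.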
Avaya Secure Router 1000 Series Configuration Guide
Example 3: Joining Two Networks with an IPSec Tunnel using Multiple IPSec Proposals
December 2010