Transform set: ESP-ENCRYPT-AES-CBC-128 ESP-AUTH-SHA1
SA duration (kilobytes/sec): 1843200/3600
SA remaining duration (kilobytes/sec): 1843200/3484
Max received sequence-number:
Anti-replay check enable: Y
Anti-replay window size: 64
UDP encapsulation used for NAT traversal: N
Status: Active
[Outbound ESP SAs]
SPI: 738451674 (0x2c03e0da)
Connection ID: 2
Transform set: ESP-ENCRYPT-AES-CBC-128 ESP-AUTH-SHA1
SA duration (kilobytes/sec): 1843200/3600
SA remaining duration (kilobytes/sec): 1843200/3484
Max received sequence-number:
UDP encapsulation used for NAT traversal: N
Status: Active
# Display the IKE SA and IPsec SAs on Device B.
[DeviceB] display ike sa
[DeviceB] display ipsec sa
Aggressive mode with RSA signature authentication
configuration example
This configuration example is not available when the device is operating in FIPS mode.
Network requirements
As shown in
secure the communication between subnet 10.1.1.0/24 and subnet 10.1.2.0/24.
Configure Device A and Device B to use aggressive mode for IKE negotiation phase 1 and use RSA
signature authentication. Device A acts as the initiator because the subnet where Device A resides is
dynamically allocated.
Figure 110 Network diagram
Figure
110, configure an IKE-based IPsec tunnel between Device A and Deice B to
346