crypto untrusted
exit
Procedure steps
1. To display the tunnel configuration, enter:
show interface tunnel
Verify that the source interface is an interface name, not an IP address, and that
the crypto type is untrusted.
2. To display the IP interfaces, enter:
show ip interface brief
Under the Method column, verify that the IP address for the public interface was
obtained using DHCP.
3. When the tunnel protection command is applied to a tunnel interface, the
command creates an IKE policy with the following default attributes:
• Encryption algorithm: 3des
• Hash Algorithm: sha1
• Authentication Mode: pre-shared-key
• DH Group: group2
The tunnel protection command also creates an IPsec policy with the
following default attributes:
• Protocol: esp
• Mode: transport
• Encryption Algorithm: 3des
• Hash Algorithm: sha1-hmac
A sample configuration is as follows:
interface tunnel toNVR
tunnel protection policy1 avaya123
The auto-created IKE and IPsec policies can be modified and saved to suit the
deployment needs.
Note:
In order to interoperate with the Avaya VPN Router at the head office, IKE and
IPsec proposals have to be modified. For details, see Secure Router to Avaya
VPN router interoperability tips on page 221.
4. To display the IKE policy details, enter:
show crypto ike policy all detail
Verify the local address is 0.0.0.0.
5. To display the IPsec policy details, enter:
Troubleshooting security
220 Troubleshooting August 2013
Comments? infodev@avaya.com