Manualshelf

User`s guide

ManualsBrandsEnterasys ManualsComputer equipmentANG-3000
321322323324325326327328329330
XSR Users Guide 289
Chapter 11 Interoperability Profile for the XSR
Configuring the Virtual Private Network
Reply from 172.23.9.5: 10ms
Reply from
172.23.9.5: 10ms
Reply from
172.23.9.5: 10ms
Packets: Sent = 5, Received = 5, Lost = 0
You can also issue the following show commands to examine Phase 1 and
Phase 2 settings, respectively. When the tunnel is up, the commands will
display the following output:
XSR#show crypto isakmp sa
Connection-ID State Source Destination Lifetime
------------ ---------------- ----------- -------
4561 QM_IDLE 14.15.16.17 22.23.24.25 28000
XSR#show crypto ipsec sa
14.15.16.0/24, ANY, 0 ==> 22.23.24.0/24, ANY, 0 : 92 packets
ESP: SPI=190d1f5f, Transform=3DES/HMAC-SHA, Life=3600S/0KB
Scenario 2: Gateway-to-Gateway with Certificates
The following is a typical gateway-to-gateway VPN that uses certificates for
authentication, as illustrated in Figure 51.
Figure 51 Gateway-toGateway with Certificates Topology
Gateway A connects the internal LAN 10.5.6.0/24 to the Internet. Gateway
A's LAN interface has the address 10.5.6.1, and its WAN (Internet) interface
has the address 14.15.16.17.
Internet
AL
10.5.6.1
AW
14.15.16.17
BW
22.23.24.25
BL
172.23.9.1
172.23.9.0/24
10.5.6.0/24
Gateway A
Gateway B