Method used to view the IPSec security proposal information on USG firewalls

1

The common IPSec maintenance command used on USG firewalls is as follows:
display ipsec proposal //Display the configuration of IPSec security proposal.

Other related questions:
Method used to view the IKE security proposal information on USG firewalls
The common IPSec maintenance command used on USG firewalls is as follows: display ike proposal //Display the configuration of IKE security proposal.

Method used to view the security association information on USG firewalls
The common IPSec maintenance command used on USG firewalls is as follows: display ipsec sa //Display the security association configuration.

Method used to view the license information on USG firewalls
On the USG2000, USG5000, and USG6000, you can run the display license command to view the license information. display license Device ESN is: 210235XXXXXXXXXXX The file activated is : hda1:/license.dat //Activated license file The time when activated is : 2010/08/31 11:23:45 //System time when the license file is activated. You can determine whether the license file is activated. VFW: 100 SSL VPN Concurrent User : 500 Content Filtering: Enabled GTP: Enabled IPS: Enabled; service expire time: 2012/06/16 Anti Virus : Enabled; service expire time: 2012/06/16 Anti Spam: Enabled; service expire time: 2012/06/16 Pre-defined URL category query: Enabled; service expire time: 2012/06/16 //License expiration time

Method used to view the IKE peer information on USG firewalls
The common IPSec maintenance command used on USG firewalls is as follows: Display ike peer //Display the configuration of the IKE peer.

Configuration of the security association on the USG firewalls
Configuration of the security association on the USG firewalls Create an IPSec SA in IKE negotiation mode. 1. The communication between network A and network B requires an IPSec tunnel, established between USG_A and USG_B, to encrypt and transmit data. The internal network segment of network A is 10.1.1.0/24, and the USA public IP address is 202.38.163.1/24. The internal network segment of network B is 10.1.2.0/24, and the public IP address is 202.38.169.1/24. Network A---USG_A----INTERNET----USG_B---Network B 2. The configuration procedure is as follows: [USG_A] acl 3000 //Configure ACL rules used to match the sensitive traffic. [USG_A-acl-adv-3000] rule permit ip source 10.1.1.0 0.0.0.255 destination 10.1.2.0 0.0.0.255 [USG_A-acl-adv-3000] quit [USG_A] ip route-static 10.1.2.0 255.255.255.0 202.38.163.2 //Configure the route. [USG_A] ipsec proposal tran1 //Configure the IPSec security proposal. [USG_A-ipsec-proposal-tran1] encapsulation-mode tunnel [USG_A-ipsec-proposal-tran1] transform esp [USG_A-ipsec-proposal-tran1] esp authentication-algorithm sha1 [USG_A-ipsec-proposal-tran1] esp encryption-algorithm aes [USG_A-ipsec-proposal-tran1] quit [USG_A] ike proposal 10 //Configure the IKE security proposal. [USG_A-ike-proposal-10] authentication-method pre-share [USG_A-ike-proposal-10] authentication-algorithm sha1 [USG_A-ike-proposal-10] integrity-algorithm hmac-sha1-96 [USG_A-ike-proposal-10] quit [USG_A] ike peer b //Configure the IKE peer. [USG_A-ike-peer-b] ike-proposal 10 [USG_A-ike-peer-b] remote-address 202.38.169.1 [USG_A-ike-peer-b] pre-shared-key abcde [USG_A-ike-peer-b] quit [USG_A] ipsec policy map1 10 isakmp //Configure IPSec security policies. [USG_A-ipsec-policy-isakmp-map1-10] security acl 3000 [USG_A-ipsec-policy-isakmp-map1-10] proposal tran1 [USG_A-ipsec-policy-isakmp-map1-10] ike-peer b [USG_A-ipsec-policy-manual-map1-10] quit [USG_A] interface GigabitEthernet 0/0/2 [USG_A-GigabitEthernet0/0/2] ipsec policy map1 //Apply the security policies to the interface. [USG_B] acl 3000 //Configure ACL rules used to match the sensitive traffic. [USG_B-acl-adv-3000] rule permit ip source 10.1.2.0 0.0.0.255 destination 10.1.1.0 0.0.0.255 [USG_B-acl-adv-3000] quit [USG_B] ip route-static 10.1.1.0 255.255.255.0 202.38.169.2 //Configure the route. [USG_B] ipsec proposal tran1 //Configure the IPSec security proposal. [USG_B-ipsec-proposal-tran1] encapsulation-mode tunnel [USG_B-ipsec-proposal-tran1] transform esp [USG_B-ipsec-proposal-tran1] esp authentication-algorithm sha1 [USG_B-ipsec-proposal-tran1] esp encryption-algorithm aes [USG_B-ipsec-proposal-tran1] quit [USG_B] ike proposal 10 //Configure the IKE security proposal. [USG_B-ike-proposal-10] authentication-method pre-share [USG_B-ike-proposal-10] authentication-algorithm sha1 [USG_B-ike-proposal-10] integrity-algorithm hmac-sha1-96 [USG_B-ike-proposal-10] quit [USG_B] ike peer a //Configure the IKE peer. [USG_B-ike-peer-a] ike-proposal 10 [USG_B-ike-peer-a] remote-address 202.38.163.1 [USG_B-ike-peer-a] pre-shared-key abcde [USG_B-ike-peer-a] quit [USG_B] ipsec policy map1 10 isakmp //Configure IPSec security policies. [USG_B-ipsec-policy-isakmp-map1-10] security acl 3000 [USG_B-ipsec-policy-isakmp-map1-10] proposal tran1 [USG_B-ipsec-policy-isakmp-map1-10] ike-peer a [USG_B-ipsec-policy-isakmp-map1-10] quit [USG_B] interface GigabitEthernet 0/0/2 [USG_B-GigabitEthernet0/0/2] ipsec policy map1 //Apply the security policies to the interface.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top