IPSec Configuration Example 577

Displaying and Debugging the crypto card

Use the debugging, reset and display command in all views.

Table 655 Display and Debug NDEC Card

Operation

Command

 

 

Display the detailed information of crypto

display encrypt-card details [

cards (applicable to crypto cards)

slot-id ]

 

 

Display all established Security Association

display encrypt-card ipsec sa all [

on crypto card (applicable to crypto card)

slot-id ]

 

 

Display a specified Security Association on

display encrypt-card ipsec sa

crypto card (applicable to crypto card)

parameters remote-address protocol

 

spi-number

 

 

Display statistical information of the

display encrypt-card statistic [

security packets processing on crypto card

slot-id ]

(applicable to crypto card)

 

 

 

Display current operating status of crypto

display encrypt-card status [ slot-id

card (applicable to crypto card)

]

 

 

Display current operating logging of

display encrypt-card syslog [ slot-id

crypto card (applicable to crypto card)

]

 

 

Display version number of crypto card

display encrypt-card version [

(applicable to crypto card)

slot-id ]

 

 

Delete all established Security Association

reset encrypt-card sa all [ slot-id ]

(applicable to crypto card)

 

 

 

Delete the specified Security Association

reset encrypt-card sa parameters

on crypto card (applicable to crypto card)

remote-address protocol spi-number

 

 

Clear the statistical information of security

reset encrypt-card statistic [

packets on crypto card (applicable to

slot-id ]

crypto card)

 

 

 

Clear all the logging information on the

reset encrypt-card syslog [ slot-id]

crypto card (applicable to crypto cards)

 

 

 

Enable the debugging of information,

debugging encrypt-card { all packet

packets, SA, command, error and other

sa command error misc } [

information (applicable to crypto cards)

slot-id ]

 

 

 

Enable the debugging of the main

debugging encrypt-card host { all

software on the crypto card (applicable to

packet sa command error misc

crypto cards)

}

 

 

IPSec Configuration Example

Creating an SA Manually

The following sections demonstrate the following IPSec configurations:

Creating an SA Manually

Creating an SA in IKE Negotiation Mode

Encrypting, Decrypting, and Authenticating NDEC Cards

Establish a security tunnel between Router-A and Router-B to perform security protection for the data streams between PC-A represented subnet (10.1.1.x) and PC-B represented subnet (10.1.2.x). The security protocol adopts ESP protocol, algorithm adopts DES, and authentication algorithm adopts sha1-hmac-96.

Page 581
Image 581
3Com 10014299 manual IPSec Configuration Example, Displaying and Debugging the crypto card, Creating an SA Manually