3Com 10014299 IPSec Configuration Example

IPSec Configuration Example 577

Displaying and Debugging the crypto card

Use the debugging, reset and display command in all views.

Tabl e 655 Display and Debug NDEC Card

IPSec Configuration

Example The following sections demonstrate the following IPSec configurations:

■Creating an SA Manually

■Creating an SA in IKE Negotiation Mode

■Encrypting, Decrypting, and Authenticating NDEC Cards

Creating an SA Manually Establish a security tunnel between Router-A and Router-B to perform security

protection for the data streams between PC-A represented subnet (10.1.1.x) and

PC-B represented subnet (10.1.2.x). The security protocol adopts ESP protocol,

algorithm adopts DES, and authentication algorithm adopts sha1-hmac-96.

Operation Command

Display the detailed information of crypto

cards (applicable to crypto cards) display encrypt-card details [

slot-id ]

Display all established Security Association

on crypto card (applicable to crypto card) display encrypt-card ipsec sa all [

slot-id ]

Display a specified Security Association on

crypto card (applicable to crypto card) display encrypt-card ipsec sa

parameters remote-address protocol

spi-number

Display statistical information of the

security packets processing on crypto card

(applicable to crypto card)

display encrypt-card statistic [

slot-id ]

Display current operating status of crypto

card (applicable to crypto card) display encrypt-card status [ slot-id

]

Display current operating logging of

crypto card (applicable to crypto card) display encrypt-card syslog [ slot-id

]

Display version number of crypto card

(applicable to crypto card) display encrypt-card version [

slot-id ]

Delete all established Security Association

(applicable to crypto card) reset encrypt-card sa all [ slot-id ]

Delete the specified Security Association

on crypto card (applicable to crypto card) reset encrypt-card sa parameters

remote-address protocol spi-number

Clear the statistical information of security

packets on crypto card (applicable to

crypto card)

reset encrypt-card statistic [

slot-id ]

Clear all the logging information on the

crypto card (applicable to crypto cards) reset encrypt-card syslog [ slot-id ]

Enable the debugging of information,

packets, SA, command, error and other

information (applicable to crypto cards)

debugging encrypt-card { all | packet

| sa | command | error | misc } [

slot-id ]

Enable the debugging of the main

software on the crypto card (applicable to

crypto cards)

debugging encrypt-card host { all |

packet | sa | command | error | misc

}