IPSec Configuration Example

l Apply security policy group on serial interface

[RouterA] interface serial 0

[RouterA-Serial0] ipsec policy policy1

[RouterA-Serial0] ip address 202.38.163.1 255.255.255.0

m Configure the route.

[RouterA] ip route-static 10.1.2.0 255.255.255.0 202.38.162.1

2 Configure Router B:

a Configure an access list and define the data stream from Subnet 10.1.2.x to Subnet 10.1.1.x.

[RouterB] acl 101

[RouterB-acl-101] rule permit ip source 10.1.2.0 0.0.0.255 destination 10.1.1.0 0.0.0.255

[RouterB-acl-101] rule deny ip source any destination any

b Create the IPSec proposal view named tran1

[RouterB] ipsec proposal tran1

c Adopt tunnel mode as the message-encapsulating form

[RouterB-ipsec-proposal-tran1] encapsulation-mode tunnel

d Adopt ESP protocol as security protocol

[RouterB-ipsec-proposal-tran1] transform esp-new

e Select authentication algorithm and encryption algorithm

[RouterB-ipsec-proposal-tran1] esp-new encryption-algorithm des

[RouterB-ipsec-proposal-tran1] esp-new authentication-algorithm sha1-hmac-96

f Create a security policy with negotiation mode as manual

[RouterB] ipsec policy use1 10 manual

g Quote access list

[RouterB-ipsec-policy-use1-10] security acl 101

h Quote IPSec proposal

[RouterB-ipsec-policy-use1-10] proposal tran1

i Set local and remote addresses

[RouterB-ipsec-policy-use1-10] tunnel local 202.38.162.1

[RouterB-ipsec-policy-use1-10] tunnel remote 202.38.163.1

j Set SPI

[RouterB-ipsec-policy-use1-10] sa outbound esp spi 54321

[RouterB-ipsec-policy-use1-10] sa inbound esp spi 12345

k Set session key

[RouterB-ipsec-policy-use1-10] sa outbound esp string-key gfedcba

[RouterB-ipsec-policy-use1-10] sa inbound esp string-key abcdefg

l Exit to system view

[RouterB-ipsec-policy-use1-10] quit

m Enter serial interface view

[RouterB] interface serial 0

n Apply security policy group on serial interface
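With manual negotiation nothing is exchanged between the routers, so each end's outbound SPI and key must equal the other end's inbound values, and the tunnel local and remote addresses must be swapped. The following check is an added example, not part of the manual: the Router B lines are the ones in steps i to k, and the Router A lines are a constructed mirror assumed here because Router A's full configuration is not on this page.

```python
import re

# Router B lines come from steps i-k above. Router A lines are CONSTRUCTED
# as the mirror image (assumption: Router A's policy is not shown on this page).
ROUTER_B = """\
[RouterB-ipsec-policy-use1-10] tunnel local 202.38.162.1
[RouterB-ipsec-policy-use1-10] tunnel remote 202.38.163.1
[RouterB-ipsec-policy-use1-10] sa outbound esp spi 54321
[RouterB-ipsec-policy-use1-10] sa inbound esp spi 12345
[RouterB-ipsec-policy-use1-10] sa outbound esp string-key gfedcba
[RouterB-ipsec-policy-use1-10] sa inbound esp string-key abcdefg
"""
ROUTER_A = """\
tunnel local 202.38.163.1
tunnel remote 202.38.162.1
sa outbound esp spi 12345
sa inbound esp spi 54321
sa outbound esp string-key abcdefg
sa inbound esp string-key gfedcba
"""

# Optional "[prompt]" prefix, then either a tunnel endpoint or a manual SA value.
LINE = re.compile(r"(?:\[[^\]]*\]\s*)?(tunnel|sa) (local|remote|inbound|outbound)"
                  r"(?: esp (spi|string-key))? (\S+)$")

def parse(text):
    """Map (parameter, direction) -> value for every recognised command line."""
    cfg = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            cfg[m.group(3) or "tunnel", m.group(2)] = m.group(4)
    return cfg

def check_pair(a_text, b_text):
    """Return findings; an empty list means the two ends mirror each other."""
    a, b = parse(a_text), parse(b_text)
    findings = []
    for x, y in [(("tunnel", "local"), ("tunnel", "remote")),
                 (("spi", "outbound"), ("spi", "inbound")),
                 (("string-key", "outbound"), ("string-key", "inbound"))]:
        for p, q, name in ((a, b, "A"), (b, a, "B")):
            if p.get(x) is None or p.get(x) != q.get(y):
                # Values are deliberately not echoed: string-keys are secrets.
                findings.append(f"Router {name} {x[1]} {x[0]} != peer {y[1]} {y[0]}")
    return findings

if __name__ == "__main__":
    print(check_pair(ROUTER_A, ROUTER_B) or "peers mirror each other")
```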
