IKE Configuration Example

Hosts A and B communicate securely, and a security channel is established with IKE automatic negotiation between security gateways A and B.

Configure an IKE policy on Gateway A, with Policy 10 having the highest priority and the default IKE policy having the lowest priority.

The pre-shared key authentication method is adopted.

Figure 177 Networking diagram of IKE configuration example

[Figure: Host A - Security Gateway A (Serial 0, 202.38.160.1) - Internet - Security Gateway B (Serial 0, 171.69.224.33) - Host B]

1 Configure Security Gateway A.

a Configure IKE Policy 10

[RouterA] ike proposal 10

b Specify MD5 as the hashing algorithm used by the IKE policy

[RouterA-ike-proposal-10] authentication-algorithm md5

c Use the pre-shared key authentication method

[RouterA-ike-proposal-10] authentication-method pre-share

d Configure the pre-shared key “abcde” for peer 171.69.224.33

[RouterA] ike pre-share-key abcde remote 171.69.224.33

e Configure the IKE SA lifetime to 5000 seconds

[RouterA-ike-proposal-10] sa duration 5000

2 Configure Security Gateway B.

a Use the default IKE policy on Gateway B and configure the peer authentication word.

[RouterB] ike pre-share-key abcde remote 202.38.160.1

These steps configure IKE negotiation. To establish an IPSec security channel for secure communication, it is necessary to configure IPSec correspondingly. For detailed contents, see the configuration examples in IPSec Configuration.
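An added example, not part of the 3Com manual: this Python script parses the commands shown above, confirms that each gateway's pre-shared key has a matching entry on its peer, and reports the MD5 hash setting and any key shorter than a threshold. The function names, the `MIN_PSK_LEN` value of 20 and the mapping of router names to the Figure 177 addresses are assumptions of this example.

```python
import re
# Commands as shown on this page (prompt + command), embedded so the script runs offline.
TRANSCRIPT = """\
[RouterA] ike proposal 10
[RouterA-ike-proposal-10] authentication-algorithm md5
[RouterA-ike-proposal-10] authentication-method pre-share
[RouterA] ike pre-share-key abcde remote 171.69.224.33
[RouterA-ike-proposal-10] sa duration 5000
[RouterB] ike pre-share-key abcde remote 202.38.160.1
"""
ADDRESSES = {"RouterA": "202.38.160.1", "RouterB": "171.69.224.33"}  # Serial 0, Figure 177
MIN_PSK_LEN = 20  # assumed local policy threshold, not a value from the manual
PROMPT = re.compile(r"^\[(?P<host>\w+?)(?:-ike-proposal-(?P<num>\d+))?\]\s*(?P<cmd>.+)$")

def parse(transcript):
    """Return {host: {"proposals": {num: {setting: value}}, "psk": {peer_ip: key}}}."""
    cfg = {}
    for line in transcript.splitlines():
        m = PROMPT.match(line.strip())
        if not m:
            continue
        host = cfg.setdefault(m["host"], {"proposals": {}, "psk": {}})
        words = m["cmd"].split()
        if len(words) == 3 and words[:2] == ["ike", "proposal"]:
            host["proposals"].setdefault(words[2], {})
        elif len(words) == 5 and words[:2] == ["ike", "pre-share-key"] and words[3] == "remote":
            host["psk"][words[4]] = words[2]
        elif m["num"] and len(words) >= 2:  # command typed inside an ike-proposal view
            host["proposals"].setdefault(m["num"], {})[" ".join(words[:-1])] = words[-1]
    return cfg

def audit(cfg, addresses, min_len=MIN_PSK_LEN):
    """Return a sorted list of review findings for the parsed configuration."""
    findings = set()
    for host, data in cfg.items():
        for num, proposal in data["proposals"].items():
            if proposal.get("authentication-algorithm") == "md5":
                findings.add(f"{host}: proposal {num} uses md5")
        for peer_ip, key in data["psk"].items():
            if len(key) < min_len:
                findings.add(f"{host}: pre-shared key for {peer_ip} is shorter than {min_len} characters")
            # Find the router that owns peer_ip and read the key it holds for this host.
            peer = next((h for h, ip in addresses.items() if ip == peer_ip), None)
            back = cfg.get(peer, {}).get("psk", {}).get(addresses.get(host))
            if back != key:
                findings.add(f"{host}: key for {peer_ip} has no matching entry on the peer")
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(audit(parse(TRANSCRIPT), ADDRESSES)))
```

A key mismatch between the two gateways shows up as a "no matching entry" finding, which is worth ruling out before turning to `debugging ike error`.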

Troubleshooting IKE

When configuring parameters to establish an IPSec security channel, you can use the debugging ike error command to enable error debugging of IKE.

Invalid user ID information

User ID information is the data for the user originating IPSec communication to identify itself. In practical applications user ID establishes a different security path

3Com 10014299 manual IKE Configuration, Invalid user ID information