Configuring Ipsec With Ipsec Tunnel Interfaces Example - HP A6600 Configuration Manual

Configuring IPsec with IPsec tunnel interfaces example

Network requirements
As shown in
obtains the IP address dynamically, and the headquarters access the Internet by using a fixed IP
address.
Configure an IPsec tunnel to protect the traffic between the branch and the headquarters. Make sure that
the IPsec configuration of the headquarters' gateway remains relatively stable despite changes of the
branch's private IP address segment.
To meet the requirements, configure an IPsec tunnel interface on each router, and configure a static route
on each router to route the packets destined to the peer to the IPsec tunnel interface for IPsec protection.
Figure 97 Network diagram for setting up an IPsec tunnel with IPsec tunnel interfaces
Configuation procedure
Configure Router A.
1.
# Name the local gateway routera.
<RouterA> system-view
[RouterA] ike local-name routera
# Configure an IKE peer named atob. Because the local peer obtains the IP address automatically, set
the IKE negotiation mode to aggressive.
[RouterA] ike peer atob
[RouterA-ike-peer-atob] exchange-mode aggressive
[RouterA-ike-peer-atob] pre-shared-key simple aabb
[RouterA-ike-peer-atob] id-type name
[RouterA-ike-peer-atob] remote-name routerb
[RouterA-ike-peer-atob] quit
# Create an IPsec proposal named method1. This proposal uses the default settings: the security protocol
of ESP, the encryption algorithm of DES, and the authentication algorithm of MD5.
[RouterA] ipsec proposal method1
[RouterA-ipsec-proposal-method1] quit
# Create an IPsec profile named atob.
[RouterA] ipsec profile atob
# Configure the IPsec profile to reference the IKE peer.
[RouterA-ipsec-profile-atob] ike-peer atob
Figure 97, the gateway of the branch accesses the Internet through a dial-up line and
275