Ike Configuration Example; Troubleshooting Ike; Invalid User Id Information - 3Com 3032 Configuration Manual

3com 3032: user guide

Hide thumbs Also See for 3032:

Command reference manual (101 pages)

Installation manual (50 pages)

Supplementary manual (31 pages)

Table of Contents

IKE Configuration

Hosts A and B communicates securely, and a security channel is established

with IKE automatic negotiation between security gateways A and B.

Configure an IKE policy on Gateway A, with Policy 10 is of highest priority and

the default IKE policy is of the lowest priority.

Pre-shared key authentication algorithm is adopted.

Figure 177 Networking diagram of IKE configuration example

202.38.160.1

Security Gateway A

1 Configure Security Gateway A.

a Configure a IKE Policy 10

[RouterA]ike proposal 10

b Specify the hashing algorithm used by IKE policy as MD5

[RouterA-ike-proposal-10] authentication-algorithm md5

c Use pre-shared key authentication method

[RouterA-ike-proposal-10] authentication-method pre-share

d Configure "abcde" for peer 171.69.224.33

[RouterA] ike pre-share-key abcde remote 171.69.224.33

e Configure IKE SA lifetime to 5000 seconds

[RouterA-ike-proposal-10] sa duration 5000

2 Configure Security Gateway B.

a Use default IKE policy on Gateway B and configure the peer authentication

[RouterB] ike pre-share-key abcde remote 202.38.160.1

These steps configure IKE negotiation. To establish an IPSec security channel for

secure communication, it is necessary to configure IPSec correspondingly. For

detailed contents, see the configuration examples in IPSec Configuration.

When configuring parameters to establish IPSec security channel, you can use the

debugging ike error

User ID information is the data for the user originating IPSec communication to

identify itself. In practical applications user ID establishes a different security path

171.69.224.33

command to enable error debugging of IKE.