Example For Employing Encryption Cards For Ipsec Services - 3Com MSR 50 Series Configuration Manual

1896 C 100: IPS
HAPTER EC
Example for Employing
Encryption Cards for
IPSec Services
C
ONFIGURATION
# Create an IPSec policy, specifying to use the IKE negotiation mode.
[RouterB] ipsec policy use1 10 isakmp
# Apply the ACL.
[RouterB-ipsec-policy-isakmp-use1-10] security acl 3101
# Apply the IPSec proposal.
[RouterB-ipsec-policy-isakmp-use1-10] proposal tran1
# Apply the IKE peer.
[RouterB-ipsec-policy-isakmp-map1-10] ike-peer peer
[RouterB-ipsec-policy-isakmp-use1-10] quit
# Configure the IP address of the serial interface.
[RouterB] interface serial 2/2
[RouterB-Serial2/2] ip address 2.2.3.1 255.255.255.0
# Apply the IPSec policy group to the interface.
[RouterB-Serial2/2] ipsec policy use1
After above configuration, IKE negotiation will be triggered to set up SAs when
there is any traffic between subnet 10.1.1.0/24 and subnet 10.1.2.0/24. If IKE
negotiation succeeds and SAs are set up, the traffic between the two subnets will
be IPSec protected.
Network requirements
As shown in Figure
■
cards between Router A and Router B to protect data flows between subnet
10.1.1.0/24 (represented by Host A) and subnet 10.1.2.0/24 (represented by
Host B).
The security protocol to be used is ESP, encryption algorithm is DES, and
■
authentication algorithm is SHA1-HMAC-96. Use IKE negotiation mode to
establish SAs.
552, an IPSec tunnel is established through encryption