Example for Configuring IPSec/IKE to Work with ADSL
Network requirements
This example deploys IPSec in combination with ADSL, a popular application of IPSec.
■ Router B is connected to the DSLAM access side of the public network directly through ADSL as the client of PPPoE. As Router B can obtain only a private address from its ISP, you need to configure NAT traversal on both Router A and Router B.
■ The headquarters LAN is connected to the ATM network through Router A.
■ To ensure information security, IPSec/IKE is adopted to create an IPSec tunnel.
For more information about ADSL and DCC configurations, refer to "Configuring an ADSL Interface" on page 79 and "DCC Configuration" on page 153.
Network diagram
Figure 557 Network diagram for IPSec/IKE with ADSL
[Figure not reproduced. Labels shown: Router B (Branch, PPPoE client) with Eth1/0 192.168.0.1/24 and ATM1/0 on the ADSL line; NAT; Internet; Router A (Headquarters) with S2/0 100.1.1.1/24 and Eth1/0 172.16.0.1/24.]
Configuration procedure
1 Configure Router A
# Specify a name for the local security gateway.
<RouterA> system-view
[RouterA] ike local-name routera
# Configure an ACL.
[RouterA] acl number 3101
[RouterA-acl-adv-3101] rule 0 permit ip source 172.16.0.0 0.0.0.255 destination 192.168.0.0 0.0.0.255
[RouterA-acl-adv-3101] quit
# Configure an IKE proposal.
[RouterA] ike proposal 1
[RouterA-ike-proposal-1] authentication-algorithm sha
[RouterA-ike-proposal-1] authentication-method pre-share
[RouterA-ike-proposal-1] encryption-algorithm 3des-cbc
[RouterA-ike-proposal-1] dh group2
# Configure an IKE peer.
[RouterA] ike peer peer
[RouterA-ike-peer-peer] exchange-mode aggressive
[RouterA-ike-peer-peer] pre-shared-key abc
[RouterA-ike-peer-peer] id-type name
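The IKE proposal and peer settings entered for Router A can be reviewed mechanically before they are adapted for production use. The following Python script is an added example, not part of the original manual; the function names and the 20-character minimum key length are assumptions chosen for illustration.

```python
import re

# Router A's IKE commands, copied from the configuration on this page.
ROUTER_A = """\
[RouterA] ike proposal 1
[RouterA-ike-proposal-1] authentication-algorithm sha
[RouterA-ike-proposal-1] authentication-method pre-share
[RouterA-ike-proposal-1] encryption-algorithm 3des-cbc
[RouterA-ike-proposal-1] dh group2
[RouterA] ike peer peer
[RouterA-ike-peer-peer] exchange-mode aggressive
[RouterA-ike-peer-peer] pre-shared-key abc
[RouterA-ike-peer-peer] id-type name
"""

# "[view] command" or "<view> command", as the CLI prompt prints it.
PROMPT = re.compile(r"^[\[<]([^\]>]+)[\]>]\s*(.+)$")

def parse(text):
    """Return {view: {keyword: value}} from prompt-prefixed CLI lines."""
    views = {}
    for line in text.splitlines():
        m = PROMPT.match(line.strip())
        if m:
            view, cmd = m.groups()
            key, _, value = cmd.partition(" ")
            views.setdefault(view, {})[key] = value
    return views

def audit(text, min_psk_len=20):
    """List (view, finding) pairs; min_psk_len is an assumed local policy."""
    findings = []
    for view, s in parse(text).items():
        psk = s.get("pre-shared-key")
        if s.get("encryption-algorithm") == "3des-cbc":
            findings.append((view, "3DES is a 64-bit block cipher; use a stronger cipher if supported"))
        if s.get("dh") == "group2":
            findings.append((view, "DH group2 is 1024-bit MODP; use a larger group if supported"))
        if psk is not None and len(psk) < min_psk_len:
            findings.append((view, "pre-shared key is shorter than %d characters" % min_psk_len))
        if s.get("exchange-mode") == "aggressive" and psk is not None:
            findings.append((view, "aggressive mode exposes a PSK-derived hash to offline guessing; use a long random key"))
    return findings

if __name__ == "__main__":
    for view, msg in audit(ROUTER_A):
        print("%s: %s" % (view, msg))
```
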