Ipsec Configuration - 3Com 3C13636 Configuration Manual

Router 3000 ethernet family

3Com Router 3000 Ethernet Family
Configuration Guide
Therefore, you should define an IPSec proposal based on requirements so that you
can associate it with data flows.
3) Defining IPSec policy or IPSec policy group
An IPSec policy specifies which IPSec proposal applies to a given data flow. An IPSec
policy is uniquely identified by its name and sequence number. There are two types:
manual IPSec policy and IKE negotiation IPSec policy. With a manual policy, parameters
such as the key and SPI, as well as the IP addresses of the two ends in tunnel mode, are
configured by hand. With an IKE negotiation policy, these parameters are generated
automatically by IKE negotiation.
An IPSec policy group is a set of IPSec policies that share the same name but have
different sequence numbers. Within an IPSec policy group, the smaller the sequence
number, the higher the priority.
4) Applying IPSec policies on an interface
Apply all the IPSec policies in a group to an interface so that different data flows
passing through the interface receive different security protection.
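
The priority rule for policy groups, as an added example that is not part of the 3Com manual: a Python model of one group applied to an interface, showing how a broad low-numbered policy can shadow a narrower one behind it. The `Policy` class, the address-pair stand-in for ACLs, the proposal names and the first-match lookup are assumptions made for illustration, not the router's implementation.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass
class Policy:
    name: str       # policy group name (shared by every policy in the group)
    seq: int        # sequence number: smaller value = higher priority
    mode: str       # "manual" or "ike"
    flows: list     # stand-in for the ACL: (source network, destination network)
    proposal: str   # IPSec proposal applied to matching flows (hypothetical names)

def matches(policy, src, dst):
    """True if the src -> dst flow falls inside one of the policy's ACL entries."""
    return any(ip_address(src) in ip_network(s) and ip_address(dst) in ip_network(d)
               for s, d in policy.flows)

def select_policy(group, src, dst):
    """Return the highest-priority policy covering src -> dst, or None.
    Assumption: policies are tried in ascending sequence order, first match wins."""
    for policy in sorted(group, key=lambda p: p.seq):
        if matches(policy, src, dst):
            return policy
    return None  # flow is not protected by this group

def shadowed(group):
    """Sequence numbers of policies that can never be selected. Conservative: only
    reports a policy whose every flow lies inside one flow of an earlier policy."""
    ordered = sorted(group, key=lambda p: p.seq)
    hidden = []
    for i, policy in enumerate(ordered):
        earlier = [f for q in ordered[:i] for f in q.flows]
        if policy.flows and all(
                any(ip_network(s).subnet_of(ip_network(es)) and
                    ip_network(d).subnet_of(ip_network(ed)) for es, ed in earlier)
                for s, d in policy.flows):
            hidden.append(policy.seq)
    return hidden

# Constructed sample group: every value below is made up for the example.
GROUP = [
    Policy("map1", 30, "ike", [("10.1.0.0/16", "192.168.50.0/24")], "prop-ah"),
    Policy("map1", 10, "manual", [("10.1.0.0/16", "10.2.0.0/16")], "prop-esp"),
    Policy("map1", 20, "ike", [("10.1.5.0/24", "10.2.9.0/24")], "prop-strong"),
]

if __name__ == "__main__":
    hit = select_policy(GROUP, "10.1.5.7", "10.2.9.1")
    print("selected seq:", hit.seq, "proposal:", hit.proposal)
    print("shadowed sequence numbers:", shadowed(GROUP))
```

In this sample the flow intended for sequence 20 is handled by sequence 10, so the narrower policy needs the smaller sequence number if its proposal is meant to apply.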

7.2 IPSec Configuration

I. Configuring IPSec
1) Configure ACL
2) Configure a security proposal
   - Create a security proposal (IPSec proposal or card SA proposal)
   - Specify the encryption card used in the card SA proposal (only applies to
     encryption cards)
   - Select security protocol
   - Select security algorithm
   - Select packet encapsulation mode
3) Create security policy (manually or by using IKE)
   For manual mode:
   - Create security policy
   - Import security proposal into security policy
   - Import ACL into security policy
   - Configure starting and end points for tunnel
   - Configure SPI for SA
   - Configure SA keys
   For IKE mode:
   - Create security policy using IKE
   - Import card SA proposal into security policy
   - Import ACL into security policy
   - Import IKE peer into security policy
3Com Corporation
7-8
Chapter 7 IPSec Configuration


This manual is also suitable for:

3c13636-us - router 30363000 series
