Table of Contents
Advertisement
3Com Router 3000 Ethernet Family
Configuration Guide
Table 7-9 Configure tunnel start/end point
Configure local address in the IPSec policy
Delete the local address configured in the IPSec
policy
Configure peer address in the IPSec policy.
Delete the peer address configured in the IPSec
policy.
With respect to an IPSec policy set up manually, only if both local and peer addresses
are correctly configured, can a security tunnel be set up. As ISAKMP SA can
automatically obtain local and peer addresses, it does not require the configuration of
local or peer address.
5)
Configuring SA SPI
This configuration task only applies to a manually created IPSec policy. Use the
following command to configure SA SPI for manually creating an SA. An isakmp-mode
IPSec policy does not need manual configuration and IKE will automatically negotiate
SPI and create SA.
Perform the following configuration in IPSec policy view.
Table 7-10 Configure an SA SPI
Operation
Configure an SA SPI.
Delete the SA SPI.
When configuring an SA for the system, you must set the parameters in the inbound
and outbound directions separately.
The SA parameters set at both ends of the security tunnel must be fully matched. The
SPI and key in the inbound SA at the local must be the same as those in the outbound
SA at the remote. Likewise, the SA SPI and key in the outbound SA at the local must be
the same as those in the inbound SA at the remote.
6)
Configuring key for SA
This configuration is used only for manual mode IPSec policy. Security association key
can be input manually by using the following commands. (For isakmp negotiation
IPSec policy, manual configuration for key is not required. IKE will automatically
negotiate security association key.)
Perform the following configuration in IPSec policy view.
Operation
sa spi { inbound | outbound } { ah | esp } spi-number
undo sa spi { inbound | outbound } { ah | esp }
3Com Corporation
7-16
Chapter 7 IPSec Configuration
Command
tunnel local ip-address
undo tunnel local ip-address
tunnel remote ip-address
undo
tunnel
ip-address
Command
remote
Advertisement
Chapters
Table of Contents
Troubleshooting
