Table of Contents
Advertisement
3Com Router 3000 Ethernet Family
Configuration Guide
Table 7-11 Configure key used by security association
Configure AH protocol authentication
key
(input in hex form)
Configure protocol authentication key
(input in character string)
Configure ESP encryption key
(input in hex form)
Delete configured security association
parameter
On both ends of security tunnel, configured Security Association parameters must be
consistent. Security association SPI and shared secret input on local end must be the
same as peer output Security Association SPI and shared secret. Security association
SPI and shared secret output on local end must the same as those input on peer end.
For the character string key and hex string key, the last configured one will be adopted.
On both ends of security tunnel, shared secret should be input in the same form. If
shared secret is input in character string on one end and in hex on the other end, the
security tunnel cannot be correctly established.
II. Creating an IPSec Policy by using IKE
Following are the configuration tasks for creating an IPSec policy by using IKE.
Create IPSec policy by using IKE
Reference an IPSec proposal in the IPSec policy
Configure ACL referenced by the IPSec policy
Reference an IKE peer in the IPSec policy
Configure the lifetime of an SA (optional)
Configure the PFS feature in negotiation (optional)
1)
Creating an IPSec policy by using IKE
Perform the following configurations in system view.
Table 7-12 Create an IPSec policy
Create an IPSec policy by using
IKE and access the IPSec policy
view.
Operation
Operation
3Com Corporation
7-17
Chapter 7 IPSec Configuration
Command
sa authentication-hex { inbound |
outbound } { ah | esp } hex-key
sa string-key { inbound | outbound }
{ ah | esp } string-key
sa
encryption-hex
outbound } esp hex-key
undo sa string-key { inbound |
outbound } { ah | esp }
undo sa authentication-hex { inbound
| outbound } { ah | esp }
undo encryption-hex { inbound |
outbound } esp
Command
ipsec
policy
policy-name
isakmp
{
inbound
|
seq-number
Advertisement
Chapters
Table of Contents
Troubleshooting
