Establishing Security Association In Isakmp Mode - 3Com 3C13636 Configuration Manual

3Com Router 3000 Ethernet Family
Configuration Guide

7.4.2 Establishing Security Association in isakmp Mode

I. Network requirements
As displayed in above figure, a security tunnel is configured between Router A and
Router B. Data flow security protection will be setup between sub-network (10.1.1.x)
represented by PC A and sub-network (10.1.2.x) represented by PC B. Security
protocol used is ESP and encryption algorithm is DES. The authentication method is
SHA1-HMAC-96.
II. Network diagram
See Figure 7-3.
III. Configuration procedure
1) Configure Router A
# Configure an access control list, specifying data flow from sub-network 10.1.1.x to
sub-network 10.1.2.x.
[3Com] acl number 3101
[3Com-acl-adv-3101] rule permit ip source 10.1.1.0 0.0.0.255 destination
10.1.2.0 0.0.0.255
[3Com-acl-adv-3101] rule deny ip source any destination any
# Configure static route to PC B.
[3Com] ip route-static 10.1.2.0 255.255.255.0 202.38.162.1
# Establish IPSec proposal with the name tran1.
[3Com] ipsec proposal tran1
# Packet encapsulation format is tunnel mode.
[3Com-ipsec-proposal-tran1] encapsulation-mode tunnel
# Security protocol is ESP.
[3Com-ipsec-proposal-tran1] transform esp
# Select algorithms.
[3Com-ipsec-proposal-tran1] esp encryption-algorithm des
[3Com-ipsec-proposal-tran1] esp authentication-algorithm sha1
# Return to system view.
[3Com-ipsec-proposal-tran1] quit
# Configure an IKE peer.
[3Com] ike peer peer
[3Com-ike-peer-peer] pre-shared-key abcde
[3Com-ike-peer-peer] remote-address 202.38.162.1
# Establish an IPSec policy, and negotiation is isakmp.
3Com Corporation
7-34
Chapter 7 IPSec Configuration