Table of Contents
Advertisement
3Com Router 3000 Ethernet Family
Configuration Guide
[Router-ipsec-policy-policy1-10] security acl 3001
# Configure the peer address.
[Router-ipsec-policy-policy1-10] tunnel remote 202.38.162.1
# Configure local end address.
[Router-ipsec-policy-policy1-10] tunnel local 202.38.163.1
# Reference SA proposal.
[Router-ipsec-policy-policy1-10] proposal tran1
# Configure SPI.
[Router-ipsec-policy-policy1-10] sa outbound esp spi 12345
[Router-ipsec-policy-policy1-10] sa inbound esp spi 54321
# Configure shared secret.
[Router-ipsec-policy-policy1-10] sa outbound esp string-key abcdefg
[Router-ipsec-policy-policy1-10] sa inbound esp string-key gfedcba
# Return to system view.
[Router-ipsec-policy-policy1-10] quit
# Enter Ethernet interface view; configure IP address.
[Router] interface Ethernet0/0/0
[Router-Ethernet0/0/0] ip address 10.1.1.1 255.255.255.0
# Enter serial interface view; configure IP address.
[Router-Ethernet0/0/0] interface serial 3/0/0
[Router-Serial3/0/0] ip address 202.38.163.1 255.255.255.0
# Apply the security policy set to the serial interface.
[Router-Serial3/0/0] ipsec policy policy1
[Router-Serial3/0/0] quit
# Return to system view, configure a static route to the segment 10.1.2.0/24.
[Router] ip route-static 10.1.2.0 255.255.255.0 202.38.162.1
2)
Router B will be configured as follows:
# Configure an access control list, specifying data flow from sub-network 10.1.2.0/24 to
sub-network 10.1.1.0/24.
[Router] acl 3000
[Router-acl-3000] rule permit ip source 10.1.2.0 0.0.0.255 destination
10.1.1.0 0.0.0.255
[Router-acl-3000] rule deny ip source any destination any
[Router-acl-3000] quit
# Create the SA proposal named trans1.
[Router] ipsec card-proposal tran1
3Com Corporation
7-38
Chapter 7 IPSec Configuration
Advertisement
Chapters
Table of Contents
Troubleshooting
