3Com 3C13636 Configuration Manual page 1143

3Com Router 3000 Ethernet Family
Configuration Guide
# Specify SA proposal trans1 to use the encryption card on the slot 1/0/0.
[Router-ipsec-card-proposal-tran1] use encrypt-card 1/0/0
# Packet encapsulation format is tunnel mode.
[Router-ipsec-card-proposal-tran1] encapsulation-mode tunnel
# Security protocol is ESP.
[Router-ipsec-card-proposal-tran1] transform esp
# Select algorithms.
[Router-ipsec-card-proposal-tran1] esp encryption-algorithm des
[Router-ipsec-card-proposal-tran1]
sha1-hmac-96
# Return to system view.
[Router-ipsec-card-proposal-tran1] quit
# Establish a security policy and negotiation mode is manual.
[Router] ipsec policy map1 10 manual
# Reference access control list.
[Router-ipsec-policy-map1-10] security acl 3000
# Configure the peer address.
[Router-ipsec-policy-map1-10] tunnel remote 202.38.163.1
# Configure local end address.
[Router-ipsec-policy-map1-10] tunnel local 202.38.162.1
# Reference SA proposal.
[Router-ipsec-policy-map1-10] proposal tran1
# Configure SPI.
[Router-ipsec-policy-map1-10] sa outbound esp spi 54321
[Router-ipsec-policy-map1-10] sa inbound esp spi 12345
# Configure shared secret.
[Router-ipsec-policy-map1-10] sa outbound esp string-key gfedcba
[Router-ipsec-policy-map1-10] sa inbound esp string-key abcdefg
# Return to system view.
[Router-ipsec-policy-map1-10] quit
# Enter Ethernet interface view; configure IP address.
[Router] interface Ethernet0/0/0
[Router-Ethernet0/0/0] ip address 10.1.2.1 255.255.255.0
# Enter serial interface view, configure IP address.
[Router-Ethernet0/0/0] interface serial 3/0/0
esp
3Com Corporation
7-39
Chapter 7 IPSec Configuration
authentication-algorithm