3Com 3C13636 Configuration Manual page 1145

3Com Router 3000 Ethernet Family
Configuration Guide
III. Configuration procedure
1) Configure Router A
# Configure Router A as the master in a VRRP group.
<3Com> system
[3Com] vrrp ping-enable
[3Com] interface ethernet0/0/0
[3Com-Ethernet0/0/0] ip address 10.0.0.1 255.255.255.0
[3Com-Ethernet0/0/0] vrrp vrid 1 virtual-ip 10.0.0.5
[3Com-Ethernet0/0/0] vrrp vrid 1 priority 120
[3Com-Ethernet0/0/0] vrrp vrid 1 preempt-mode timer delay 5
[3Com-Ethernet0/0/0] interface ethernet1/0/0
[3Com-Ethernet1/0/0] ip address 11.0.0.1 255.255.255.0
[3Com-Ethernet1/0/0] vrrp vrid 2 virtual-ip 11.0.0.5
[3Com-Ethernet1/0/0] vrrp vrid 2 priority 120
[3Com-Ethernet1/0/0] vrrp vrid 2 preempt-mode timer delay 5
[3Com-Ethernet1/0/0] quit
# Configure the data flow protected by IPSec.
[3Com] acl number 3101
[3Com-acl-adv-3101] rule 0 permit ip source 11.0.0.0 0.0.0.255 destination
12.0.0.0 0.0.0.255
[3Com-acl-adv-3101] rule deny ip source any destination any
[3Com-acl-adv-3101] quit
# Configure a static route to host B.
[3Com] ip route-static 0.0.0.0 0.0.0.0 10.0.0.4 preference 60
# Configure IPSec DPD.
[3Com] ike dpd dpd1
[3Com-ike-dpd-dpd1] interval_time 10
[3Com-ike-dpd-dpd1] time_out 5
[3Com-ike-dpd-dpd1] quit
# Create a security proposal named tran1 (the contents are omitted).
[3Com] ipsec proposal tran1
#Configure an IKE peer.
[3Com] ike peer peer
[3Com-ike-peer-peer] pre-shared-key abcde
[3Com-ike-peer-peer] remote-address 13.0.0.1
[3Com-ike-peer-peer] local-address 10.0.0.5
[3Com-ike-peer-peer] dpd dpd1
[3Com-ike-peer-peer] quit
# Create a security policy, setting negotiation mode to ISAKMP.
3Com Corporation
7-41
Chapter 7 IPSec Configuration