3Com 3C13636 Configuration Manual page 1146

3Com Router 3000 Ethernet Family
Configuration Guide
[3Com] ipsec policy map1 10 isakmp
[3Com-ipsec-policy-isakmp-map1-10] proposal tran1
[3Com-ipsec-policy-isakmp-map1-10] security acl 3101
[3Com-ipsec-policy-isakmp-map1-10] ike-peer peer
[3Com-ipsec-policy-isakmp-map1-10] quit
# Apply an IPSec policy group to the interface.
[3Com] interface ethernet 0/0/0
[3Com-ethernet 0/0/0] ipsec policy map1
[3Com-ethernet 0/0/0] quit
2) Configure Router B
# Configure Router B as a slave in the VRRP standby group. It uses the default priority
100, lower than that of Router A.
<3Com> system
[3Com] vrrp ping-enable
[3Com] interface ethernet 0/0/0
[3Com-Ethernet 0/0/0] ip address 10.0.0.3 255.255.255.0
[3Com-Ethernet 0/0/0] vrrp vrid 1 virtual-ip 10.0.0.5
[3Com-Ethernet 0/0/0] interface ethernet 1/0/0
[3Com-Ethernet1/0/0] ip address 11.0.0.3 255.255.255.0
[3Com-Ethernet1/0/0] vrrp vrid 2 virtual-ip 11.0.0.5
[3Com-Ethernet1/0/0] quit
# Configure the data flow protected by IPSec.
[3Com] acl number 3101
[3Com-acl-adv-3101] rule 0 permit ip source 11.0.0.0 0.0.0.255 destination
12.0.0.0 0.0.0.255
[3Com-acl-adv-3101] rule deny ip source any destination any
[3Com-acl-adv-3101] quit
# Configure a static route to host B.
[3Com] ip route-static 0.0.0.0 0.0.0.0 10.0.0.4 preference 60
# Configure IPSec DPD.
[3Com] ike dpd dpd1
[3Com-ike-dpd-dpd1] interval_time 10
[3Com-ike-dpd-dpd1] time_out 5
[3Com-ike-dpd-dpd1] quit
#Create a security proposal named tran1 (the contents are omitted).
[3Com] ipsec proposal tran1
# Configure an IKE peer.
[3Com] ike peer peer
[3Com-ike-peer-peer] pre-shared-key abcde
3Com Corporation
7-42
Chapter 7 IPSec Configuration