Table of Contents
Advertisement
3Com Router 3000 Ethernet Family
Configuration Guide
(seqno:1382148220)
RouterE
(seqno:1382148220)
RouterE
(seqno:1382148220)
7.4.5 IPSec/IKE Multi-Instance Configuration Example
I. Network requirements
CE1 and CE3 belong to VPN1. CE2 and CE4 belong to VPN2. Both CE1 and CE2 are
connected to PE1 through IPSec/IKE tunnels.
II. Network diagram
Eth0/0/1:
32.32.32.2/24
VPN1-CE1
Eth0/0/1:
34.34.34.2/24
VPN2-CE2
Figure 7-6 Network diagram for IPSec/IKE multi-instance configuration
III. Configuration procedure
1)
Configure CE1
<CE1> system-view
# Configure an IKE peer.
[CE1] ike peer test
[CE1-ike-peer-test] pre-shared-key huawei
[CE1-ike-peer-test] remote-address 21.21.21.1
[CE1-ike-peer-test] quit
# Configure an IPSec proposal. (The details are omitted here.)
[CE1] ipsec proposal prop
# Configure an IPSec policy.
[CE1] ipsec policy map 1 isakmp
[CE1-ipsec-policy-isakmp-map-1] security acl 3000
[CE1-ipsec-policy-isakmp-map-1] ike-peer test
[CE1-ipsec-policy-isakmp-map-1] proposal prop
[CE1-ipsec-policy-isakmp-map-1] quit
# Configure Ethernet interfaces and apply IPSec policies to interface Ethernet 0/0/0.
IKE/8/DEBUG:RESPONSE(recv
IKE/8/DEBUG:RESPONSE(send
Eth0/0/0:
21.21.21.2/24
Eth0/0/0:
21.21.21.1/24
Eth0/0/2:
41.41.41.1/24
Loopback0:
Eth0/0/1:
100.100.100.1/32
31.31.31.1/24
PE 1
Eth0/0/0:
31.31.31.2/24
3Com Corporation
dpd
request):
dpd
response):
AS 100
51.51.51.2/24
41.41.41.3/24
Loopback0:
100.100.100.2/32
61.61.61.2/24
PE 2
7-45
Chapter 7 IPSec Configuration
received
a
message
send
a
message
33.33.33.3/24
51.51.51.1/24
VPN1-CE3
61.61.61.1/24
62.62.62.1/24
VPN2-CE4
Advertisement
Chapters
Table of Contents
Troubleshooting
