3Com Router 3000 Ethernet Family
Configuration Guide
If the ISAKMP SA at stage 1 still exists when you delete the local SA, the system
sends a DELETE message under the protection of the ISAKMP SA to notify the peer
to clear the SA database.
If no connection-id is specified, all the SAs at stage 1 will be removed.
A security channel and an SA are entirely different concepts. A security channel is a
channel through which its two endpoints can communicate bidirectionally, whereas an
IPSec SA is just a unidirectional connection. In other words, a security channel
comprises one or several pairs of SAs.
8.4 Typical Configuration of IKE
8.4.1 Typical IKE Configuration Example
I. Network requirements
Hosts 1 and 2 communicate securely, and a security channel is established with
IKE automatic negotiation between security GWs A and B.
Configure an IKE proposal assigned with the priority level 10 on the security GW A
and apply the default IKE proposal on the security GW B.
Configure an authentication key for the proposal using the pre-shared key
authentication method.
II. Network diagram
Figure 8-2 Network diagram of IKE configuration example
(Diagram not reproduced. Labels in the diagram: Host 1; Ethernet 202.39.1.0; Security gateway A; Serial 12/0/1, 202.38.160.1; Internet; Serial 4/1/2, 171.69.224.33; Security gateway B; Ethernet 172.70.2.0; Host 2.)
III. Configuration procedure
1) Make the following configurations on the security GW A:
# Configure an IKE peer.
[3Com] ike peer peer
[3Com-ike-peer-peer] pre-shared-key abcde
[3Com-ike-peer-peer] remote-address 171.69.224.33
# Configure an IKE proposal 10.
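A check a reviewer could run over transcripts like the gateway A configuration above: this added example (not from the 3Com guide) parses the `ike peer` commands and reports peers with a missing, short or reused pre-shared key or an invalid remote address. The 20-character minimum and the function names are assumptions of this example, not 3Com defaults.

```python
import ipaddress
import re

MIN_PSK_LEN = 20  # assumed local policy for this example, not a 3Com default

# Gateway A's IKE peer commands as shown on the page.
GATEWAY_A = """\
[3Com] ike peer peer
[3Com-ike-peer-peer] pre-shared-key abcde
[3Com-ike-peer-peer] remote-address 171.69.224.33
"""

LINE = re.compile(r"^\[(?P<view>[^\]]+)\]\s*(?P<cmd>\S.*)$")
PEER_VIEW = re.compile(r"-ike-peer-(?P<name>.+)$")


def parse_ike_peers(transcript):
    """Return {peer_name: {setting: value}} from a CLI transcript."""
    peers = {}
    for raw in transcript.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # "# ..." comment lines and blank lines carry no command
        words = m["cmd"].split()
        view = PEER_VIEW.search(m["view"])
        if words[:2] == ["ike", "peer"] and len(words) == 3:
            peers.setdefault(words[2], {})  # entering the peer view
        elif view and len(words) >= 2:
            peers.setdefault(view["name"], {})[words[0]] = " ".join(words[1:])
    return peers


def audit_ike_peers(transcript):
    """Return sorted (peer, finding) tuples; an empty list means no findings."""
    findings = []
    peers = parse_ike_peers(transcript)
    for name, cfg in peers.items():
        key = cfg.get("pre-shared-key")
        if key is None:
            findings.append((name, "no pre-shared-key"))
        elif len(key) < MIN_PSK_LEN:
            findings.append((name, f"pre-shared-key shorter than {MIN_PSK_LEN} characters"))
        if any(o is not cfg and o.get("pre-shared-key") == key and key for o in peers.values()):
            findings.append((name, "pre-shared-key reused by another peer"))
        try:
            ipaddress.IPv4Address(cfg.get("remote-address", ""))
        except ValueError:
            findings.append((name, "remote-address missing or not an IPv4 address"))
    return sorted(findings)
```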
Chapter 8 IKE Configuration