3Com Router 3000 Ethernet Family
Configuration Guide
Note:
To highlight the configuration of IKE aggressive mode and NAT traversal, the routers
in this example are interconnected via their serial interfaces across the Internet, and
one end is configured to obtain its IP address dynamically. You can refer to this
example if you access the Internet using a dial-up or broadband service.
II. Network diagram
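Figure 8-3 Network diagram for IKE aggressive mode and NAT traversal
(Figure labels: Branch, Router B, S0/0/0: ppp-negotiate; NAT; Internet; Leased line; Headquarters, Router A, S0/0/0:10.0.0.1)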
III. Configuration procedure
1) Configure Router A:
# Set a name for the local security GW.
[RouterA] ike local-name routera
# Configure ACL.
[RouterA] acl number 3101 match-order auto
[RouterA-acl-adv-3101] rule permit ip source any destination any
[RouterA-acl-adv-3101] quit
# Configure an IKE peer.
[RouterA] ike peer peer
[RouterA-ike-peer-peer] exchange-mode aggressive
[RouterA-ike-peer-peer] pre-shared-key abc
[RouterA-ike-peer-peer] id-type name
[RouterA-ike-peer-peer] remote-name routerb
[RouterA-ike-peer-peer] nat traversal
[RouterA-ike-peer-peer] quit
# Create an IPSec proposal "prop".
[RouterA] ipsec proposal prop
[RouterA-ipsec-proposal-prop] encapsulation-mode tunnel
[RouterA-ipsec-proposal-prop] transform esp
[RouterA-ipsec-proposal-prop] esp encryption-algorithm des
[RouterA-ipsec-proposal-prop] esp authentication-algorithm sha1
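The Router A commands above can be reviewed mechanically before deployment. The script below is an added example, not part of the 3Com guide: it parses prompt-prefixed command lines and reports a short pre-shared key, single-DES ESP encryption, and an IKE peer that combines aggressive mode with a pre-shared key. The rule names and the MIN_PSK_LEN threshold are assumptions chosen for illustration.

```python
import re

# Constructed sample: the Router A commands from this page, "quit" lines omitted.
SAMPLE = """\
[RouterA] ike local-name routera
[RouterA] acl number 3101 match-order auto
[RouterA-acl-adv-3101] rule permit ip source any destination any
[RouterA] ike peer peer
[RouterA-ike-peer-peer] exchange-mode aggressive
[RouterA-ike-peer-peer] pre-shared-key abc
[RouterA-ike-peer-peer] id-type name
[RouterA-ike-peer-peer] remote-name routerb
[RouterA-ike-peer-peer] nat traversal
[RouterA] ipsec proposal prop
[RouterA-ipsec-proposal-prop] encapsulation-mode tunnel
[RouterA-ipsec-proposal-prop] transform esp
[RouterA-ipsec-proposal-prop] esp encryption-algorithm des
[RouterA-ipsec-proposal-prop] esp authentication-algorithm sha1
"""
MIN_PSK_LEN = 20  # assumed local policy threshold, not a vendor limit
PROMPT = re.compile(r"^\[(?P<view>[^\]]+)\]\s*(?P<cmd>.*)$")

def parse(text):
    """Yield (view, command) pairs; spaces inside the prompt are dropped."""
    for line in text.splitlines():
        m = PROMPT.match(line.strip())
        if m and m.group("cmd"):
            yield m.group("view").replace(" ", ""), m.group("cmd")

def audit(text):
    """Return (view, rule_id, detail) findings for weak IKE/IPSec settings."""
    findings, aggressive, psk = [], set(), set()
    for view, cmd in parse(text):
        words = cmd.split()
        if words == ["exchange-mode", "aggressive"]:
            aggressive.add(view)
        elif words[0] == "pre-shared-key" and len(words) > 1:
            psk.add(view)
            if len(words[-1]) < MIN_PSK_LEN:  # report length only, never the key
                findings.append((view, "PSK_SHORT", f"{len(words[-1])} chars"))
        elif words[:2] == ["esp", "encryption-algorithm"] and words[-1] == "des":
            findings.append((view, "ESP_DES", "single DES, 56-bit key"))
    # Aggressive mode exchanges the PSK-derived hash unencrypted, so a peer that
    # combines it with a PSK depends entirely on the strength of that key.
    findings += [(v, "AGGRESSIVE_PSK", "aggressive mode with pre-shared key")
                 for v in sorted(aggressive & psk)]
    return findings
```

Calling audit(SAMPLE) returns one tuple per finding, each naming the command view in which the setting was entered.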
Chapter 8 IKE Configuration