To do...
Display IPsec tunnel
information
Clear SAs
Clear IPsec statistics
IPsec configuration examples
Establishing an IPsec tunnel in manual mode example
Network requirements
As shown in
between subnet 10.1.1.0/24 and subnet 10.1.2.0/24. Configure the tunnel to use the security protocol
ESP, the encryption algorithm DES, and the authentication algorithm SHA1-HMAC-96.
Figure 96 Network diagram for IPsec configuration
Configuration procedure
Configure Router A.
1.
# Define an ACL to identify data flows from subnet 10.1.1.0/24 to subnet 10.1.2.0/24.
<RouterA> system-view
[RouterA] acl number 3101
[RouterA-acl-adv-3101] rule permit ip source 10.1.1.0 0.0.0.255 destination 10.1.2.0
0.0.0.255
[RouterA-acl-adv-3101] quit
# Configure a static route to Host B.
[RouterA] ip route-static 10.1.2.0 255.255.255.0 serial 2/1/1
# Create an IPsec proposal named tran1.
[RouterA] ipsec proposal tran1
Command...
display ipsec tunnel [ | { begin | exclude |
include } regular-expression ]
reset ipsec sa [ parameters dest-address protocol
spi | policy policy-name [ seq-number ] | remote
ip-address ]
reset ipsec statistics
Figure
96, an IPsec tunnel is required between Router A and Router B to protect data flows
270
Remarks
Available in any view
Available in user view
Available in user view