[SwitchB] ike keychain keychain1
# Configure the pre-shared key used with the peer 2.2.2.1 as plaintext string of
12345zxcvb!@#$%ZXCVB.
[SwitchB-ike-keychain-keychain1] pre-shared-key address 2.2.2.1 255.255.255.0 key
simple 12345zxcvb!@#$%ZXCVB
[SwitchB-ike-keychain-keychain1] quit
# Create the IKE profile named profile1.
[SwitchB] ike profile profile1
# Reference the keychain keychain1.
[SwitchB-ike-profile-profile1] keychain keychain1
[SwitchB-ike-profile-profile1] match remote identity address 2.2.2.1 255.255.255.0
[SwitchB-ike-profile-profile1] quit
# Create an IKE mode IPsec policy entry, with the policy name use1, and sequence number 10.
[SwitchB] ipsec policy use1 10 isakmp
# Apply ACL 3101.
[SwitchB-ipsec-policy-isakmp-use1-10] security acl 3101
# Apply the IPsec transform set tran1.
[SwitchB-ipsec-policy-isakmp-use1-10] transform-set tran1
# Specify the local and remote IP addresses of the IPsec tunnel as 2.2.3.1 and 2.2.2.1.
[SwitchB-ipsec-policy-manual-map1-10] local-address 2.2.3.1
[SwitchB-ipsec-policy-manual-use1-10] remote-address 2.2.2.1
# Apply the IKE profile profile1.
[SwitchB-ipsec-policy-isakmp-use1-10] ike-profile profile1
[SwitchB-ipsec-policy-isakmp-use1-10] quit
# Apply the IPsec policy use1 to interface VLAN-interface 1.
[SwitchB] interface vlan-interface 1
[SwitchB-Vlan-interface1] ipsec apply policy use1
Verifying the configuration
After the previous configurations, IKE negotiation is triggered to set up IPsec SAs when there are
end-to-end packets between Switch A and Switch B. After IPsec SAs are successfully negotiated by IKE,
the traffic between the two switches is IPsec protected.
263