Task
Display IPsec packet statistics.
Display IPsec tunnel information.
Clear SAs.
Clear IPsec statistics.
IPsec configuration examples
Configuring a manual mode IPsec tunnel for IPv4 packets
Network requirements
As shown in
between subnet 10.1.1.0/24 and subnet 10.1.2.0/24. Configure the tunnel to use the security protocol
ESP, the encryption algorithm DES, and the authentication algorithm SHA1-HMAC-96.
Figure 97 Network diagram
Configuration procedure
1.
Configure Router A:
# Define an ACL to identify data flows from subnet 10.1.1.0/24 to subnet 10.1.2.0/24.
<RouterA> system-view
[RouterA] acl number 3101
[RouterA-acl-adv-3101] rule permit ip source 10.1.1.0 0.0.0.255 destination 10.1.2.0
0.0.0.255
[RouterA-acl-adv-3101] quit
# Configure a static route to Host B.
[RouterA] ip route-static 10.1.2.0 255.255.255.0 serial 2/1/1
# Create an IPsec transform set named tran1.
[RouterA] ipsec transform-set tran1
Command
display ipsec statistics [ tunnel-id integer ]
[ | { begin | exclude | include }
regular-expression ]
display ipsec tunnel [ | { begin | exclude
| include } regular-expression ]
reset ipsec sa [ parameters [ ipv6 ]
dest-address protocol spi | policy
policy-name [ seq-number ] | remote
[ ipv6 ] ip-address ]
reset ipsec statistics
Figure
97, configure an IPsec tunnel between Router A and Router B to protect data flows
276
Remarks
Available in any view.
Available in any view.
Available in user view.
Available in user view.