Table of Contents
Advertisement
S9700 Core Routing Switch
Configuration Guide - SPU
Procedure
l
l
l
l
----End
4.6 Configuration Examples
This section provides several configuration examples of IPSec.
4.6.1 Example for Manually Establishing an SA
You can establish SAs manually when the network topology is simple. When there are a large
number of devices on the network, it is difficult to establish SAs manually, and network security
cannot be ensured.
Networking Requirements
As shown in
data flows between the subnet of PC A (10.1.1.x) and subnet of PC B (10.1.2.x). The IPSec
tunnel uses the ESP protocol, DES encryption algorithm, and SHA-1 authentication algorithm.
The SPUs of SwitchA and SwitchB are installed in slot 5 of their subracks.
Figure 4-3 Networking diagram for establishing an SA manually
SwitchA
Issue 01 (2012-03-15)
Run the reset ipsec statistics { ah | esp } command in the user view to clear the statistics
about IPSec packets.
Run the reset ike statistics { all | msg } command in the user view to clear the statistics
about IKE packets.
Run the reset ipsec sa [ remote ip-address | policy policy-name [ seq-number ] |
parameters dest-address { ah | esp } spi ] command in the user view to clear an SA.
Run the reset ike sa { all | conn-id connection-id } command in the user view to delete a
specified IPSec tunnel or all established IPSec tunnels.
Figure
4-3, an IPSec tunnel is established between SwitchA and SwitchB to protect
VLAN 20
VLAN 10
202.38.163.1/24
VLAN 20
XGE0/0/1.1
XGE5/0/0
XGE0/0/1.2
202.38.168.2/24
VLAN 10
GE1/0/12
GE1/0/11
10.1.1.2/24
PC A
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
VLAN 30
VLAN 20
XGE5/0/0 XGE0/0/1.1
GE1/0/12
Internet
10.1.2.2/24
4 IPSec Configuration
VLAN 20
202.38.162.1/24
XGE0/0/1.2
202.38.165.2/24
VLAN 30
SwitchB
GE1/0/11
PC B
131
Advertisement
Table of Contents
