Table of Contents
Advertisement
S9700 Core Routing Switch
Configuration Guide - SPU
Step 6 Apply the IPSec policies to the interfaces of the SPUs on SwitchA and SwitchB.
# Apply the IPSec policy to the SPU interface on SwitchA.
[SPU] interface XGigabitEthernet 0/0/1.1
[SPU-XGigabitEthernet0/0/1.1] ipsec policy map1
[SPU-XGigabitEthernet0/0/1.1] quit
# Apply the IPSec policy to the SPU interface on SwitchB.
[SPU] interface XGigabitEthernet 0/0/1.1
[SPU-XGigabitEthernet0/0/1.1] ipsec policy use1
[SPU-XGigabitEthernet0/0/1.1] quit
Run the display ipsec sa command on the SPUs of SwitchA and SwitchB to view the
configuration. Take the display on the SPU of SwitchA as an example.
[SPU] display ipsec sa
===============================
Interface: XGigabitEthernet0/0/1.1
===============================
-----------------------------
IPsec policy name: "map1"
Sequence number: 10
Mode: Manual
-----------------------------
Step 7 Verify the configuration.
After the configuration is complete, PC A can ping PC B. Run the display ipsec statistics esp
command, and you can view statistics about data packets.
----End
Configuration Files
l
Issue 01 (2012-03-15)
ESP authentication hex key:
Outbound AH setting:
AH SPI:
AH string-key:
AH authentication hex key:
Outbound ESP setting:
ESP SPI: 12345 (0x3039)
ESP string-key: abcdefg
ESP encryption hex key:
ESP authentication hex key:
Path MTU: 1500
Encapsulation mode: Tunnel
Tunnel local : 202.38.163.1
Tunnel remote: 202.38.162.1
[Outbound ESP SAs]
SPI: 12345 (0x3039)
Proposal: ESP-ENCRYPT-DES-64 ESP-AUTH-SHA1
No duration limit for this SA
[Inbound ESP SAs]
SPI: 54321 (0xd431)
Proposal: ESP-ENCRYPT-DES-64 ESP-AUTH-SHA1
No duration limit for this SA
Configuration of the SPU on SwitchA
#
sysname SPU
#
acl number 3101
rule 5 permit ip source 10.1.1.0 0.0.0.255 destination 10.1.2.0 0.0.0.255
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
4 IPSec Configuration
135
Advertisement
Table of Contents
