Table of Contents
Advertisement
S9700 Core Routing Switch
Configuration Guide - SPU
l
4.6.2 Example for Establishing an SA Through IKE Negotiation
SAs are usually established through IKE negotiation when the network is complicated. IKE
automatically establishes an SA and performs key exchange to improve efficiency of SA
establishment and ensure network security.
Networking Requirements
As shown in
IPSec tunnel protects data flows between the subnet of PC A (10.1.1.x) and subnet of PC B
(10.1.2.x). The IPSec tunnel uses the ESP protocol, DES encryption algorithm, and SHA-1
authentication algorithm.
The SPUs of SwitchA and SwitchB are installed in slot 5 of their subracks.
Issue 01 (2012-03-15)
sa spi outbound esp 54321
sa string-key outbound esp gfedcba
#
interface XGigabitEthernet0/0/1.1
control-vid 20 dot1q-termination
dot1q termination vid 20
ip address 202.38.162.1 255.255.255.0
ipsec policy map1
arp broadcast enable
#
interface XGigabitEthernet0/0/1.2
control-vid 30 dot1q-termination
dot1q termination vid 30
ip address 202.38.162.2 255.255.255.0
arp broadcast enable
#
ip route-static 10.1.1.0 255.255.255.0 202.38.163.1
#
return
Configuration file of SwitchB
#
sysname SwitchB
#
vlan batch 20 30
#
interface GigabitEthernet1/0/11
port link-type access
port default vlan 30
#
interface GigabitEthernet1/0/12
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 20
#
interface XGigabitEthernet5/0/0
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 20 30
#
return
Figure
4-4, an IPSec tunnel is established between SwitchA and SwitchB. This
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
4 IPSec Configuration
137
Advertisement
Table of Contents
