Displaying and Maintaining IKE; IKE Configuration Example - H3C S5500-EI Series Security Configuration Manual


Displaying and maintaining IKE

Task: Display IKE DPD information
Command: display ike dpd [ dpd-name ] [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view.

Task: Display IKE peer information
Command: display ike peer [ peer-name ] [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view.

Task: Display IKE SA information
Command: display ike sa [ verbose [ connection-id connection-id | remote-address remote-address ] ] [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view.

Task: Display IKE proposal information
Command: display ike proposal [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view.

Task: Clear SAs established by IKE
Command: reset ike sa [ connection-id ]
Remarks: Available in user view.

IKE configuration example

Network requirements
As shown in Figure 103, configure an IPsec tunnel that uses IKE negotiation between gateways Switch A and Switch B to secure the communication between the two switches.
For Switch A, configure an IKE proposal that uses the sequence number 10 and the authentication algorithm SHA1. Configure Switch B to use the default IKE proposal.
Configure the two switches to use the pre-shared key authentication method.
Figure 103 Network diagram
Configuration procedure
1. Make sure Switch A and Switch B can reach each other.
2. Configure Switch A:
# Assign an IP address to VLAN-interface 1.
<SwitchA> system-view
[SwitchA] interface vlan-interface 1
[SwitchA-Vlan-interface1] ip address 1.1.1.1 255.255.255.0
[SwitchA-Vlan-interface1] quit
# Configure ACL 3101 to identify traffic between Switch A and Switch B.
[SwitchA] acl number 3101
[SwitchA-acl-adv-3101] rule 0 permit ip source 1.1.1.1 0 destination 2.2.2.2 0
[SwitchA-acl-adv-3101] rule 1 permit ip source 2.2.2.2 0 destination 1.1.1.1 0
[SwitchA-acl-adv-3101] quit
# Create IPsec proposal tran1.
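
ACL 3101 decides which packets the tunnel protects, so a rule set on the peer that selects different flows leaves traffic unprotected or dropped. The following Python check is an added example, not part of the H3C manual: it assumes the two gateways' ACLs should be exact mirror images of each other, and the Switch B rule sets in it are constructed sample input.

```python
import ipaddress
import re

# Comware advanced-ACL rule in the form used on this page.
RULE_RE = re.compile(
    r"rule\s+\d+\s+(?P<action>permit|deny)\s+ip"
    r"\s+source\s+(?P<src>\S+)\s+(?P<swc>\S+)"
    r"\s+destination\s+(?P<dst>\S+)\s+(?P<dwc>\S+)\s*$")

def to_network(addr, wildcard):
    """Turn address + wildcard mask ('0' is a single host) into an IPv4Network."""
    wc = int(ipaddress.IPv4Address("0.0.0.0" if wildcard == "0" else wildcard))
    mask = wc ^ 0xFFFFFFFF
    prefix = bin(mask).count("1")
    if mask != (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF:
        raise ValueError(f"non-contiguous wildcard: {wildcard}")
    return ipaddress.IPv4Network((int(ipaddress.IPv4Address(addr)) & mask, prefix))

def permitted_flows(acl_text):
    """Set of (source, destination) networks selected by permit rules."""
    flows = set()
    for line in acl_text.splitlines():
        line = re.sub(r"^\[[^\]]*\]\s*", "", line.strip())  # drop the CLI prompt
        m = RULE_RE.match(line)
        if m and m["action"] == "permit":
            flows.add((to_network(m["src"], m["swc"]), to_network(m["dst"], m["dwc"])))
    return flows

def mirror_mismatches(local_acl, peer_acl):
    """Flows permitted on one side whose exact reverse is absent on the other."""
    local, peer = permitted_flows(local_acl), permitted_flows(peer_acl)
    missing_on_peer = {(s, d) for s, d in local if (d, s) not in peer}
    missing_locally = {(s, d) for s, d in peer if (d, s) not in local}
    return missing_on_peer, missing_locally

# ACL 3101 on Switch A, as entered on this page.
SWITCH_A = """
[SwitchA-acl-adv-3101] rule 0 permit ip source 1.1.1.1 0 destination 2.2.2.2 0
[SwitchA-acl-adv-3101] rule 1 permit ip source 2.2.2.2 0 destination 1.1.1.1 0
"""
# Constructed peer ACLs (not from the page): one mirrored, one too broad.
SWITCH_B_OK = """
rule 0 permit ip source 2.2.2.2 0 destination 1.1.1.1 0
rule 1 permit ip source 1.1.1.1 0 destination 2.2.2.2 0
"""
SWITCH_B_BAD = "rule 0 permit ip source 2.2.2.0 0.0.0.255 destination 1.1.1.1 0"

if __name__ == "__main__":
    print(mirror_mismatches(SWITCH_A, SWITCH_B_OK), mirror_mismatches(SWITCH_A, SWITCH_B_BAD))
```

An empty pair of sets means every protected flow has its reverse on the peer; the too-broad sample is reported on both sides because a /24 source does not mirror a host rule.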


This manual is also suitable for:

S5500-SI series