Displaying And Maintaining Ike; Ike Configuration Example - H3C S5120-HI Security Configuration Manual

Displaying and maintaining IKE

Task
Display IKE DPD information
Display IKE peer information
Display IKE SA information
Display IKE proposal information
Clear SAs established by IKE

IKE configuration example

Network requirements
As shown in
and Switch B to secure the communication between the two switches.
For Switch A, configure an IKE proposal that uses the sequence number 10 and the authentication
algorithm SHA1. Configure Switch B to use the default IKE proposal.
Configure the two routers to use the pre-shared key authentication method.
Figure 62 Network diagram
Configuration procedure
Make sure Switch A and Switch B can reach each other.
1.
Configure Switch A:
2.
# Assign an IP address to VLAN-interface 1.
<SwitchA> system-view
[SwitchA] interface vlan-interface 1
[SwitchA-vlan-interface1] ip address 1.1.1.1 255.255.255.0
[SwitchA-Vlan-interface1] quit
# Configure ACL 3101 to identify traffic from Switch A to Switch B..
[SwitchA] acl number 3101
[SwitchA-acl-adv-3101] rule 0 permit ip source 1.1.1.1 0 destination 2.2.2.2 0
[SwitchA-acl-adv-3101] rule 1 permit ip source 2.2.2.2 0 destination 1.1.1.1 0
[SwitchA-acl-adv-3101] quit
# Create IPsec proposal tran1.
Figure 62, configure an IPsec tunnel that uses IKE negotiation between gateways Switch A
Command
display ike dpd [ dpd-name ] [ | { begin |
exclude | include } regular-expression ]
display ike peer [ peer-name ] [ | { begin |
exclude | include } regular-expression ]
display ike sa [ verbose [ connection-id
connection-id | remote-address
remote-address ] ] [ | { begin | exclude |
include } regular-expression ]
display ike proposal [ | { begin | exclude |
include } regular-expression ]
reset ike sa [ connection-id ]
247
Remarks
Available in any view.
Available in any view.
Available in any view.
Available in any view.
Available in user view.