Table of Contents
Advertisement
3Com Router 3000 Ethernet Family
Configuration Guide
I. Creating an IPSec or card SA proposal
An IPSec proposal is a set of security protocol, algorithms and packet encapsulation
format used to implement IPSec protection. An IPSec policy can determine the adopted
security protocol, algorithms, and encapsulation mode by referencing one or more
IPSec proposals. Before an IPSec proposal is referenced by IPSec policy, this IPSec
proposal must be established. Up to 50 IPSec proposals can be configured.
You are allowed to modify an IPSec proposal, but such modifications cannot take effect
at all if the modified proposal is applied to an SA that has been setup between the two
sides after negotiation – unless you execute the reset ipsec sa (or reset encrypt-card
sa) command to reset the SA. New security proposals can only apply to new SAs.
Perform the following configuration in system view.
Table 7-1 Configure an IPSec proposal
Create an IPSec proposal and access the
IPSec proposal view (for IPSec module)
Delete the IPSec proposal (for IPSec
module)
Create a card SA proposal and access its
view (for encryption cards only )
Delete the card SA proposal (for encryption
card)
By default, no card SA proposal is configured.
II. Specifying the encryption card to be used by a security proposal
When an encryption card is used, you must specify its slot number in card SA proposal
view. Each modular router can accommodate up to four encryption cards; each can be
assigned to multiple encryption card security proposals.
Perform the following configuration in card SA proposal view.
Table 7-2 Assign an encryption card to the card SA proposal
Assign an encryption card to the card SA
proposal
Remove the configuration
By default, no encryption card is used in the card SA proposal.
Operation
Operation
3Com Corporation
7-11
Chapter 7 IPSec Configuration
Command
ipsec proposal proposal-name
undo
ipsec
proposal-name
ipsec
card-proposal
proposal-name
undo
ipsec
card-proposal
proposal-name
Command
use encrypt-card [ slot-id ]
undo use encrypt-card [ slot-id ]
proposal
Advertisement
Chapters
Table of Contents
Troubleshooting
