3Com 3C13636 Configuration Manual page 1119

3Com Router 3000 Ethernet Family
Configuration Guide
IPSec policy will specify security protocol algorithm and packet encapsulation format by
referencing IPSec proposal. Before an IPSec proposal is referenced, this IPSec
proposal must be configured.
Perform the following configuration in system view.
Table 7-7 Use IPSec proposal in IPSec policy
Configure IPSec proposal referenced by
IPSec policy
Remove IPSec proposal referenced by
IPSec policy
The Security Association can be established through manual mode. One IPSec policy
can reference only one IPSec proposal. If IPSec proposal has been configured, the
former IPSec proposal must be removed so as to configure new IPSec proposal. On
both ends of security tunnel, IPSec proposals referenced by the IPSec policy must be
configured by using the same security protocol, algorithm and packet encapsulation
mode.
3) Configuring ACL referenced by IPSec policy
IPSec policy will reference ACL. IPSec will specify which packet needs security
protection and which does not according to the rules in this ACL. Packets permitted by
ACL will be in protection, while packets denied by ACL will not be protected.
Perform the following configuration in IPSec policy view.
Table 7-8 Configure access control list referenced by IPSec policy
Configure access control list referenced by IPSec policy
Remove access control list referenced by IPSec policy
One IPSec policy can reference only one ACL. If the IPSec policy has referenced more
than one ACL, only the last one takes effect. In this ACL, only one rule takes effect to
protect packets matching the ACL first. For subsequent packets matching other rules,
no protection is provided.
4) Configuring tunnel start/end point
Generally, tunnels applying IPSec policies are called "security tunnels". A security
tunnel is set up between the local and the peer GWs. To ensure the success in security
tunnel setup, you must configure correct local and peer addresses.
Perform the following configuration in IPSec policy view.
Operation
Operation
3Com Corporation
7-15
Chapter 7 IPSec Configuration
Command
proposal
[ proposal-name2...proposal-name6 ]
undo proposal [ proposal-name ]
Command
security
acl-number
undo security acl
proposal-name1
acl