Implementing Encryption/Decryption And Authentication On Encryption Card - 3Com 3C13636 Configuration Manual

3Com Router 3000 Ethernet Family
Configuration Guide
# Return to system view.
[3Com-ipsec-proposal-tran1] quit
# Configure an IKE peer.
[3Com] ike peer peer
[3Com-ike-peer-peer] pre-shared-key abcde
[3Com-ike-peer-peer] remote-address 202.38.163.1
# Establish an IPSec policy, and negotiation mode is isakmp.
[3Com] ipsec policy use1 10 isakmp
# Reference access control list.
[3Com-ipsec-policy-isakmp-use1-10] security acl 3101
# Reference IPSec proposal.
[3Com-ipsec-policy-isakmp-use1-10] proposal tran1
# Reference the IKE peer.
[3Com-ipsec-policy-isakmp-map1-10] ike peer peer
# Return to system view.
[3Com-ipsec-policy-isakmp-use1-10] quit
# Enter serial interface view.
[3Com] interface serial 4/1/2
# Configure serial interface IP address.
[3Com-Serial4/1/2] ip address 202.38.162.1 255.0.0.0
# Use IPSec policy group on serial interface.
[3Com-Serial4/1/2] ipsec policy use1
# Return to system view.
[3Com-Serial4/1/2] quit
After above configuration is finished, if there is packet transmitted between Router A
and Router B, IKE will be triggered for negotiation to establish Security Association.
When the IKE negotiation succeeds and Security Association is established, data flow
will be encrypted before transmission between sub-network 10.1.1.x and sub-network
10.1.2.x.
7.4.3 Implementing Encryption/Decryption and Authentication on
Encryption Card
I. Network requirements
A security tunnel will be configured between Router A and Router B. Data flow security
protection will be setup between sub-network (10.1.1.0/24) represented by PC A and
3Com Corporation
7-36
Chapter 7 IPSec Configuration