Table of Contents
Advertisement
3Com Router 3000 Ethernet Family
Configuration Guide
sub-network (10.1.2.0/24) represented by PC B. Manually create SAs, choose ESP
protocol, DES encryption algorithm and SHA1-HMAC-96 authentication algorithm.
II. Network diagram
PC A
10.1.1.2
Figure 7-4 Network diagram for creating SAs over encryption card
III. Configuration procedure
1)
Configure Router A
# Configure an access control list, defining data flow from sub-network 10.1.1.0/24 to
sub-network 10.1.2.0/24.
[Router] acl 3001
[Router-acl-3001] rule permit ip source 10.1.1.0 0.0.0.255 destination
10.1.2.0 0.0.0.255
[Router-acl-3001] rule deny ip source any destination any
[Router-acl-3001] quit
# Create SA proposal "trans1".
[Router] ipsec card-proposal tran1
# Specify SA proposal trans1 to use the encryption card on the slot 1/0/0.
[Router-ipsec-card-proposal-tran1] use encrypt-card 1/0/0
# Packet encapsulation format is tunnel mode.
[Router-ipsec-card-proposal-tran1] encapsulation-mode tunnel
# Security protocol is ESP.
[Router-ipsec-proposal-tran1] transform esp
# Select algorithm.
[Router-ipsec-proposal-tran1] esp encryption-algorithm des
[Router-ipsec-proposal-tran1] esp authentication-algorithm sha1-hmac-96
# Return to system view.
[Router-ipsec-proposal-tran1] quit
# Establish a security policy and negotiation mode is manual.
[Router] ipsec policy policy1 10 manual
# Reference access control list.
e0/0/0:10.1.1.1
s3/0/0:202.38.163.1
Router A
3Com Corporation
e0/0/0:10.1.2.1
Internet
s3/0/0:202.38.162.1
Router B
7-37
Chapter 7 IPSec Configuration
PC B
10.1.2.2
Advertisement
Chapters
Table of Contents
Troubleshooting
