Table of Contents
Advertisement
3Com Router 3000 Ethernet Family
Configuration Guide
[RouterB-ipsec-proposal-prop] quit
# Create an IPSec policy and specify to set up SA by means of IKE negotiation.
[RouterB] ipsec policy policy 10 isakmp
# Reference the IKE peer in the IPSec policy.
[RouterB-ipsec-policy-isakmp-policy-10] ike-peer peer
# Reference the ACL 3101 in the IPSec policy.
[RouterB-ipsec-policy-isakmp-policy-10] security acl 3101
# Reference the IPSec proposal "prop" in the IPSec policy.
[RouterB-ipsec-policy-isakmp-policy-10] proposal prop
[RouterB-ipsec-policy-isakmp-policy-10] quit
# Access the serial interface S0/0/0 and assign a dynamic IP address to the interface.
[RouterB] interface Serial0/0/0
[RouterB-Serial0/0/0] ip address ppp-negotiate
# Apply the IPSec policy group "policy" on the serial interface S0/0/0.
[RouterB-Serial0/0/0] ipsec policy policy
8.4.3 ADSL+IPSec/IKE Configuration Example
I. Network requirements
The following is a typical example of using IPSec with ADSL.
As shown in Figure 8-4,
Router B is connected to the DLSAM access side of the public network directly
through ADSL to work as the client of PPPoE. As Router B can obtain only private
addresses from its ISP, you need to configure NAT traversal on both Router A and
Router B.
The headquarters LAN is connected to the ATM network through Router A.
To ensure information security, IPSec/IKE is adopted to create a security tunnel.
II. Network diagram
Branch
Figure 8-4 Network diagram for use of IPSec/IKE on ADSL
e0/0/0:
192.168.0.1/24
A DSL line
atm 0/0/0
Router B
PPPoE client
3Com Corporation
S0/0/0:
NA T
100.1.1.1/24
Internet
8-17
Chapter 8 IKE Configuration
e0/0/0:172.16.0.1/24
Headquarters
Router A
Advertisement
Chapters
Table of Contents
Troubleshooting
