Typical Example For Configuring Ipsec; Creating Sa In Manual Mode - H3C SecPath F1800-A Operation Manual

Operation Manual - VPN
H3C SecPath F1800-A Firewall
Enable the IPSec card.

3.4 Typical Example for Configuring IPSec

3.4.1 Creating SA in Manual Mode

I. Networking Requirements
A security tunnel is created between Router A and Router B. Data stream security
protection will be setup between subnet (10.1.1.x) represented by PC A and subnet
(10.1.2.x) represented by PC B. Security protocol used is ESP; encryption algorithm
is DES. The authentication method is SHA1-HMAC-96.
II. Networking Diagram
SecPath A
10.1.1.1
PC A
10.1.1.2
Figure 3-4 Networking diagram for IPSec configuration
III. Configuration Procedure
1) Configuring SecPath A
# Configure an ACL; define data stream from subnet 10.1.1.x to subnet 10.1.2.x.
[SecPath] acl number 3101
[SecPath-acl-adv-3101] rule permit ip 10.1.1.0 0.0.0.255 10.1.2.0 0.0.0.255
[SecPath-acl-adv-3101] rule deny ip any any
# Configure the static route to PC B.
[SecPath] ip route 10.1.2.0 255.255.255.0 202.38.162.1
# Create the IPSec proposal by the name of tran1.
[SecPath] ipsec proposal tran1
# Packet encapsulation mode is tunnel mode.
[SecPath-ipsec-proposal-tran1] encapsulation-mode tunnel
# Security protocol is ESP.
Action
202.38.163.2
Ethernet 2/0/0
202.38.163.1
Command
undo shutdown
202.38.162.2
Internet
7-70
Chapter 3 IPSec Configuration
SecPath B
Ethernet 1/0/0
10.1.2.1
202.38.162.1
PC B
10.1.2.2