Operation Manual - VPN
H3C SecPath F1800-A Firewall
[SecPath-Ethernet1/0/0] ip address 202.38.162.1 255.255.255.0
# Apply IPSec policy group on the Ethernet interface.
[SecPath-Ethernet1/0/0] ipsec policy use1
After the above configuration, the security tunnel between SecPath A and SecPath B
is created. The data stream between subnet 10.1.1.x and subnet 10.1.2.x will be
encrypted and then transmitted.
3.4.2 Creating SA in isakmp Mode
I. Networking Requirements
As shown in Figure 3-4, a security tunnel is created between SecPath A and SecPath
B. Data stream security protection will be set up between the subnet (10.1.1.x)
represented by PC A and the subnet (10.1.2.x) represented by PC B. The security
protocol is ESP, the encryption algorithm is DES, and the authentication method is
SHA1-HMAC-96.
II. Networking Diagram
Refer to Figure 3-4.
III. Configuration Procedure
1) Configuring SecPath A
# Configure an ACL that defines the data stream from subnet 10.1.1.x to subnet 10.1.2.x.
[SecPath] acl number 3101
[SecPath-acl-adv-3101] rule permit ip source 10.1.1.0 0.0.0.255 destination 10.1.2.0 0.0.0.255
[SecPath-acl-adv-3101] rule deny ip source any destination any
# Configure a static route to PC B.
[SecPath] ip route-static 10.1.2.0 255.255.255.0 202.38.163.2
# Create the IPSec proposal by the name of tran1.
[SecPath] ipsec proposal tran1
# Packet encapsulation mode is tunnel mode.
[SecPath-ipsec-proposal-tran1] encapsulation-mode tunnel
# Security protocol is ESP.
[SecPath-ipsec-proposal-tran1] transform esp
# Select algorithm.
[SecPath-ipsec-proposal-tran1] esp encryption-algorithm des
[SecPath-ipsec-proposal-tran1] esp authentication-algorithm sha1
# Return to system view.
[SecPath-ipsec-proposal-tran1] quit
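The following Python script is an added example, not part of the H3C manual. It replays the SecPath A commands from this page (embedded as constructed input), evaluates the wildcard masks of ACL 3101 to show which flows are selected for the tunnel, and reports the explicitly configured DES setting. The function names and the WEAK policy table are assumptions of this example.

```python
import ipaddress
import re

# Constructed input: the SecPath A commands shown on this page.
TRANSCRIPT = """\
[SecPath] acl number 3101
[SecPath-acl-adv-3101] rule permit ip source 10.1.1.0 0.0.0.255 destination 10.1.2.0 0.0.0.255
[SecPath-acl-adv-3101] rule deny ip source any destination any
[SecPath] ipsec proposal tran1
[SecPath-ipsec-proposal-tran1] encapsulation-mode tunnel
[SecPath-ipsec-proposal-tran1] transform esp
[SecPath-ipsec-proposal-tran1] esp encryption-algorithm des
[SecPath-ipsec-proposal-tran1] esp authentication-algorithm sha1
"""

# This example's own audit policy (an assumption, not a vendor list): DES has a 56-bit key.
WEAK = {"esp encryption-algorithm": {"des"}}

def _spec(s):
    """'any' or 'ADDR WILDCARD' -> (addr, wildcard) ints; wildcard 1-bits mean 'ignore'."""
    addr, wild = ("0.0.0.0", "255.255.255.255") if s == "any" else s.split()
    return int(ipaddress.IPv4Address(addr)), int(ipaddress.IPv4Address(wild))

def parse_acl(text):
    """Return the ACL rules in order as (action, source_spec, destination_spec)."""
    pat = r"rule (permit|deny) ip source (any|\S+ \S+) destination (any|\S+ \S+)"
    return [(a, _spec(s), _spec(d)) for a, s, d in re.findall(pat, text)]

def _hit(ip, spec):
    return (int(ipaddress.IPv4Address(ip)) | spec[1]) == (spec[0] | spec[1])

def selected_for_ipsec(rules, src, dst):
    """First matching rule wins; only a 'permit' match selects the flow for the tunnel."""
    for action, s, d in rules:
        if _hit(src, s) and _hit(dst, d):
            return action == "permit"
    return False

def weak_settings(text):
    """(proposal, setting, value) for each explicitly configured weak algorithm."""
    pat = r"\[\S+-ipsec-proposal-(\S+)\] (esp \S+-algorithm) (\S+)"
    return [m for m in re.findall(pat, text) if m[2] in WEAK.get(m[1], ())]

if __name__ == "__main__":
    acl = parse_acl(TRANSCRIPT)
    for flow in [("10.1.1.5", "10.1.2.9"), ("10.1.2.9", "10.1.1.5")]:
        print(flow, selected_for_ipsec(acl, *flow))
    print(weak_settings(TRANSCRIPT))
```

The reverse flow (10.1.2.x to 10.1.1.x) is not selected by ACL 3101 itself, because the rule's source and destination wildcards are directional.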
Chapter 3 IPSec Configuration