IPSec Configuration Example 579
l Apply security policy group on serial interface
[RouterA]interface serial 0
[RouterA-Serial0] ipsec policy policy1
[RouterA-Serial0] ip address 202.38.163.1 255.255.255.0
m Configure the route.
[RouterA] ip route-static 10.1.2.0 255.255.255.0 202.38.162.1
2 Configure Router B:
a Configure an access list and define the data stream from Subnet 10.1.2x to
Subnet 10.1.1x.
[RouterB] acl 101
[RouterB-acl-101] rule permit ip source 10.1.2.0 0.0.0.255
destination 10.1.1.0 0.0.0.255
[RouterB-acl-101] rule deny ip source any destination any
b Create the IPSec proposal view named tran1
[RouterB] ipsec proposal tran1
c Adopt tunnel mode as the message-encapsulating form
[RouterB-ipsec-proposal-tran1] encapsulation-mode tunnel
d Adopt ESP protocol as security protocol
[RouterB-ipsec-proposal-tran1] transform esp-new
e Select authentication algorithm and encryption algorithm
[RouterB-ipsec-proposal-tran1] esp-new encryption-algorithm des
[RouterB-ipsec-proposal-tran1] esp-new authentication-algorithm
sha1-hmac-96
f Create a security policy with negotiation mode as manual
[RouterB] ipsec policy use1 10 manual
g Quote access list
[RouterB-ipsec-policy-use1-10] security acl 101
h Quote IPSec proposal
[RouterB-ipsec-policy-use1-10] proposal tran1
i Set local and remote addresses
[RouterB-ipsec-policy-use1-10] tunnel local 202.38.162.1
[RouterB-ipsec-policy-use1-10] tunnel remote 202.38.163.1
j Set SPI
[RouterB-ipsec-policy-use1-10] sa outbound esp spi 54321
[RouterB-ipsec-policy-use1-10] sa inbound esp spi 12345
k Set session key
[RouterB-ipsec-policy-use1-10] sa outbound esp string-key gfedcba
[RouterB-ipsec-policy-use1-10] sa inbound esp string-key abcdefg
l Exit to system view
[RouterB-ipsec-policy-use1-10] quit
m Enter serial interface view
[RouterB] interface serial 0
n Apply security policy group on serial interface