3Com 10014299 Network Router User Manual

Open as PDF

of 762

580 CHAPTER 40: CONFIGURING IPSEC

[RouterB-Serial0] ipsec policy use1

[RouterB-Serial0] ip address 202.38.162.1 255.255.255.0

o Configure the route.

[RouterB] ip route-static 10.1.1.0 255.255.255.0 202.38.163.1

After the configuration is complete and the security tunnel between Router A and

Router B is established, the data stream between Subnet 10.1.1.x and Subnet

10.1.2.x will be transmitted with encryption.

Creating an SA in IKE

Negotiation Mode

Establish a security tunnel between Router A and Router B to perform security

protection for the data streams between PC-A represented subnet (10.1.1.x) and

PC-B represented subnet (10.1.2.x). The security protocol adopts ESP protocol,

algorithm adopts DES, and authentication algorithm adopts sha1-hmac-96. See

Figure 174 for an illustration of the configuration.

Prior to configuring, you should ensure that Router A and Router B can interwork

at the network layer through a serial interface.

1 Configure Router A:

a Configure an access list and define the data stream from Subnet 10.1.1x to

Subnet 10.1.2x.

[RouterA] acl 101

[RouterA-acl-101] rule permit ip source 10.1.1.0 0.0.0.255

destination 10.1.2.0 0.0.0.255

[RouterA-acl-101] rule deny ip source any destination any

b Create the IPSec proposal view named trans1

[RouterA] ipsec proposal tran1

c Adopt tunnel mode as the message-encapsulating form

[RouterA-ipsec-proposal-tran1] encapsulation-mode tunnel

d Adopt ESP protocol as security protocol

[RouterA-ipsec-proposal-tran1] transform esp-new

e Select authentication algorithm and encryption algorithm

[RouterA-ipsec-proposal-tran1] esp-new encryption-algorithm des

[RouterA-ipsec-proposal-tran1] esp-new authentication-algorithm

sha1-hmac-96

f Create a security policy with negotiation mode as isakmp

[RouterA] ipsec policy policy1 10 isakmp

g Set remote addresses

[RouterA-ipsec-policy-policy1-10] tunnel remote 202.38.162.1

h Quote IPSec proposal

[RouterA-ipsec-policy-policy1-10] proposal tran1

i Quote access list

[RouterA-ipsec-policy-policy1-10] security acl 101

j Exit to system view

[RouterA-ipsec-policy-policy1-10] quit

k Enter serial interface view

previous next

Top Automotive Device Types

Top Automotive Brands

Top Baby Care Device Types

Top Baby Care Brands

Top Car Audio & Video Device Types

Top Car Audio & Video Brands

Top Cellphone Device Types

Top Cellphone Brands

Top Communications Device Types

Top Communications Brands

Top Computer Device Types

Top Computer Brands

Top Fitness Device Types

Top Fitness Brands

Top Home Audio Device Types

Top Home Audio Brands

Top Household Appliance Device Types

Top Household Appliance Brands

Top Kitchen Appliance Device Types

Top Kitchen Appliance Brands

Top Laundry Appliance Device Types

Top Laundry Appliance Brands

Top Lawn & Garden Device Types

Top Lawn & Garden Brands

Top Marine Equipment Device Types

Top Marine Equipment Brands

Top Musical Instrument Device Types

Top Musical Instrument Brands

Top Outdoor Cooking Device Types

Top Outdoor Cooking Brands

Top Personal Care Device Types

Top Personal Care Brands

Top Photography Device Types

Top Photography Brands

Top Portable Media Device Types

Top Portable Media Brands

Top Power Tools Device Types

Top Power Tools Brands

Top TV and Video Device Types

Top TV and Video Brands

Top Videogame Device Types

Top Videogame Brands

3Com 10014299 Network Router User Manual