IPSec Configuration Example 583
[RouterA-ipsec-policy-policy1-10] security acl 101
i Set remote address.
[RouterA-ipsec-policy-policy1-10] tunnel remote 202.38.162.1
j Set local address.
[RouterA-ipsec-policy-policy1-10] tunnel local 202.38.163.1
k Quote IPSec proposal.
[RouterA-ipsec-policy-policy1-10] proposal tran1
l Set SPI.
[RouterA-ipsec-policy-policy1-10] sa outbound esp spi 12345
[RouterA-ipsec-policy-policy1-10] sa inbound esp spi 54321
m Set encryption key.
[RouterA-ipsec-policy-policy1-10] sa outbound esp string-key abcdefg
[RouterA-ipsec-policy-policy1-10] sa inbound esp string-key gfedcba
n Return to system view.
[RouterA-ipsec-policy-policy1-10] quit
o Enter Ethernet interface view and configure IP address.
[RouterA-Ethernet0] ip address 10.1.1.1 255.255.255.0
[RouterA-Ethernet0] quit
p Enter serial port configuration mode and configure IP address.
[RouterA] interface serial 0
[RouterA-Serial0] ip address 202.38.163.1 255.255.255.0
q Return to system view and configure the static routing to network segment
10.1.2.x.
[RouterA-Serial0] quit
[RouterA] ip route-static 10.1.2.0 255.255.255.0 202.38.162.1
r Apply security policy base on serial port.
[RouterA-Serial0] ipsec policy policy1
2 Configure Router B
a Configure an access list and define a data stream from subnet 10.1.2.x to
subnet 10.1.1.x.
[RouterB] acl 100
[RouterB-acl-100] rule permit ip source 10.1.2.0 0.0.0.255
destination 10.1.1.0 0.0.0.255
[RouterB-acl-100] rule deny ip source any destination any
b Establish IPSec proposal in the name of tran1.
[RouterB] ipsec card-proposal tran1
c Adopt tunnel module for packets encapsulation.
[RouterB-ipsec-card-proposal-tran1] encapsulation-mode tunnel
d Adopt ESP protocol for security protocol.
[RouterB-ipsec-card-proposal-tran1] transform esp-new
e Select algorithm.
[RouterB-ipsec-card-proposal-tran1] esp-new encryption-algorithm des