584 CHAPTER 40: CONFIGURING IPSEC
[RouterB-ipsec-card-proposal-tran1] esp-new authentication-algorithm
sha1-hmac-96
f Return to system view.
[RouterB-ipsec-card-proposal-tran1] quit
g Establish a security policy with manual configuration mode.
[RouterB] ipsec policy map1 10 manual
h Quote access list.
[RouterB-ipsec-policy-map1-10] security acl 100
i Set remote address.
[RouterB-ipsec-policy-map1-10] tunnel remote 202.38.163.1
j Set local address.
[RouterB-ipsec-policy-map1-10] tunnel local 202.38.162.1
k Quote IPSec proposal.
[RouterB-ipsec-policy-map1-10] proposal tran1
l Set SPI.
[RouterB-ipsec-policy-map1-10] sa outbound esp spi 54321
[RouterB-ipsec-policy-map1-10] sa inbound esp spi 12345
m Set encryption key.
[RouterB-ipsec-policy-map1-10] sa outbound esp string-key gfedcba
[RouterB-ipsec-policy-map1-10] sa inbound esp string-key abcdefg
n Return to the system view.
[RouterB-ipsec-policy-map1-10] quit
o Enter Ethernet port configuration mode and configure IP address.
[RouterB-Ethernet0] ip address 10.1.2.1 255.255.255.0
[RouterB-Ethernet0] quit
p Enter serial port configuration mode and configure IP address.
[RouterB] interface serial 0
[RouterB-Serial0] ip address 202.38.162.1 255.255.255.0
q Return to system view and configure static routing to network segment
10.1.1.x.
[RouterB-Serial0] quit
[RouterB] ip route-static 10.1.1.0 255.255.255.0 202.38.163.1
r Apply security policy base on serial port.
[RouterB-Serial0] ipsec policy map1
Troubleshooting IPSec NDEC card cannot be configured.
When configuring relevant commands of crypto card, the following message
displays: No valid encrypt-card.