User login control – H3C Technologies H3C S12500-X Series Switches User Manual
[SwitchA] display ipsec sa
-------------------------------
Interface: Vlan-interface 1
-------------------------------
-----------------------------
IPsec policy: map1
Sequence number: 10
Mode: manual
-----------------------------
Tunnel id: 549
Encapsulation mode: tunnel
Path MTU: 1443
Tunnel:
local address: 2.2.2.1
remote address: 2.2.3.1
Flow:
as defined in ACL 3101
[Inbound ESP SA]
SPI: 54321 (0x0000d431)
Transform set: ESP-ENCRYPT-AES-CBC-192 ESP-AUTH-SHA1
No duration limit for this SA
[Outbound ESP SA]
SPI: 12345 (0x00003039)
Transform set: ESP-ENCRYPT-AES-CBC-192 ESP-AUTH-SHA1
No duration limit for this SA
Configuring an IKE-based IPsec tunnel for IPv4 packets
Network requirements
As shown in Figure 44, establish an IPsec tunnel between Switch A and Switch B to protect data flows between the switches. Configure the IPsec tunnel as follows:
• Specify the encapsulation mode as tunnel, the security protocol as ESP, the encryption algorithm as AES-CBC-192, and the authentication algorithm as HMAC-SHA1.
• Set up SAs through IKE negotiation.
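One way to check these requirements against what the switch reports is to parse the display ipsec sa output and compare it with the intended settings. This is an added example, not part of the H3C manual; the function names are hypothetical, the parser assumes the output covers a single policy entry, and the sample input is the manual-mode output shown earlier on this page (abridged), so the check reports that its SAs were not set up through IKE.

```python
import re

# The `display ipsec sa` output from this page, abridged, embedded so the check runs offline.
SAMPLE = """\
Interface: Vlan-interface 1
IPsec policy: map1
Mode: manual
Encapsulation mode: tunnel
Tunnel:
local address: 2.2.2.1
remote address: 2.2.3.1
[Inbound ESP SA]
SPI: 54321 (0x0000d431)
Transform set: ESP-ENCRYPT-AES-CBC-192 ESP-AUTH-SHA1
No duration limit for this SA
[Outbound ESP SA]
SPI: 12345 (0x00003039)
Transform set: ESP-ENCRYPT-AES-CBC-192 ESP-AUTH-SHA1
No duration limit for this SA
"""

def parse_ipsec_sa(text):
    """Return (fields, sas): policy-level 'key: value' fields and one dict per SA block."""
    fields, sas, cur = {}, [], None
    for line in map(str.strip, text.splitlines()):
        m = re.fullmatch(r"\[(Inbound|Outbound) (\w+) SA\]", line)
        if m:
            cur = {"dir": m.group(1), "proto": m.group(2), "limited": True}
            sas.append(cur)
        elif line == "No duration limit for this SA" and cur is not None:
            cur["limited"] = False
        elif ":" in line:
            key, _, val = line.partition(":")
            (fields if cur is None else cur)[key.strip().lower()] = val.strip()
    return fields, sas

def audit(fields, sas, want=("ESP-ENCRYPT-AES-CBC-192", "ESP-AUTH-SHA1")):
    """Compare parsed state with the intended settings; return a list of findings."""
    out = []
    if fields.get("mode") == "manual":
        out.append("mode manual: SAs were not set up through IKE")
    if fields.get("encapsulation mode") != "tunnel":
        out.append("encapsulation mode is not tunnel")
    for sa in sas:
        if tuple(sa.get("transform set", "").split()) != want:
            out.append(sa["dir"] + " SA: unexpected transform set")
        if not sa["limited"]:
            out.append(sa["dir"] + " SA: no duration limit")
    return out
```

Calling audit(*parse_ipsec_sa(SAMPLE)) returns three findings for the sample: the manual mode and the missing duration limit on each of the two SAs.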
Figure 44 Network diagram
Configuration procedure
1. Configure Switch A:
# Configure an IP address for VLAN-interface 1.
[SwitchA] interface vlan-interface 1