Ipsec configuration example, Network requirements, Configuring ac 1 – H3C Technologies H3C WX3000E Series Wireless Switches User Manual

864

Figure 919 Packet statistics

IPsec configuration example

Network requirements

As shown in

Figure 641

, an enterprise branch accesses the headquarters through IPsec VPN. Configure

the IPsec VPN as follows:

•

Configure an IPsec tunnel between AC 1 and AC 1 to protect traffic between the headquarters
subnet 10.1.1.0/24 and the branch subnet 10.1.2.0/24.

•

Configure the tunnel to use the security protocol ESP, encryption algorithm DES, and authentication
algorithm SHA-1.

•

Enable IPsec RRI on AC 1, so AC 1 can automatically create a static route from the headquarters to
the branch when the IPsec SA is established. Specify the next hop as 2.2.2.2.

Figure 920 Network diagram

Configuring AC 1

1.

Configure IP addresses for the interfaces, and assign the interfaces to target zones. (Details not
shown.)

2.

Define ACL 3101 to permit packets from subnet 10.1.1.0/24 to subnet 10.1.2.0/24:

Headquarter

Branch

Internet

Device A

Device B

GE0/1
2.2.2.1/24

GE0/1

2.2.3.1/24

GEth0/0

10.1.1.1/24

GE0/0
10.1.2.1/24

Host A

10.1.1.2/24

Host B

10.1.2.2/24