Configuring device b – H3C Technologies H3C WX3000E Series Wireless Switches User Manual

870

Figure 926 Applying IPsec policy to VLAN-interface 1

Configuring Device B

The configuration steps on Device B are similar to those on Device A. The configuration pages are not

shown.

1.

Configure IP addresses for the interfaces, and assign the interfaces to the target zones. (Details not
shown.)

2.

Define an ACL to permit traffic from subnet 10.1.2.0/24 to subnet 10.1.1.0/24:

a.

From the navigation tree, select QoS > ACL IPv4.

b.

Click the Add tab.

c.

Enter the ACL number 3101, and select the match order Config.

d.

Click Apply.

e.

Click the Advanced Setup tab.

f.

Select the ACL number 3101.

g.

Select Permit from the Action list.

h.

Select Source IP Address, and enter 10.1.2.0 and 0.0.0.255 as the source IP address and

mask.

i.

Select Destination IP Address, and enter 10.1.1.0 and 0.0.0.255 as the destination IP address
and mask.

j.

Click Apply.

3.

Configure a static route to Host 1:

a.

From the navigation tree, select Network > IPv4 Routing.

b.

Click the Add tab.

c.

Enter the destination IP address 10.1.1.0 and mask 255.255.255.0.

d.

Select the outbound interface Vlan-interface1.

e.

Click Apply.

4.

Configure an IPsec proposal named tran1:

a.

From the navigation tree, select VPN > IPSec.

b.

Click the Proposal tab.

c.

Click Add.

d.

From the IPSec Proposal Configuration Wizard page, select Custom mode.

e.

Enter the IPsec proposal name tran1.

f.

Select the packet encapsulation mode Tunnel.