beautypg.com

Verifying the configuration – H3C Technologies H3C WX3000E Series Wireless Switches User Manual

Page 892

background image

871

g.

Select the security protocol ESP.

h.

Select the authentication algorithm SHA1.

i.

Select the encryption algorithm DES.

j.

Click Apply.

5.

Configure IKE peer peer:

a.

From the navigation tree, select VPN > IKE.

b.

Click the Peer tab.

c.

Click Add.

d.

Enter the peer name peer.

e.

Select the negotiation mode Main.

f.

Enter the remote gateway IP address 2.2.2.1.

g.

Select Pre-Shared Key, and enter abcde for both the Key and Confirm Key fields.

h.

Click Apply.

6.

Configure IPsec policy map1:

a.

From the navigation tree, select VPN > IPSec.

b.

Click the Policy tab.

c.

Click Add.

d.

Enter the policy name map1.

e.

Enter the sequence number 10.

f.

Select the IKE peer peer.

g.

Select the IPsec proposal tran1 and click <<.

h.

Enter the ACL number 3101.

i.

Click Apply.

7.

Apply IPsec policy map1 to VLAN-interface 1:

a.

From the navigation tree, select VPN > IPSec.
The page for the IPSec Application tab appears.

b.

Click the icon of interface Vlan-interface 1.

c.

Select the policy of map1.

d.

Click Apply.

Verifying the configuration

After you complete the configuration, packets to be exchanged between subnet 10.1.1.0/24 and subnet

10.1.2.0/24 triggers the negotiation of SAs by IKE. After IKE negotiation succeeds and the IPsec SAs are

established, a static route to subnet 10.1.2.0/24 through 2.2.2.2 is added to the routing table on AC 1,

and traffic between subnet 10.1.1.0/24 and subnet 10.1.2.0/24 is protected by IPsec.