Ipsec configuration examples, Network requirements, Configuration procedure – H3C Technologies H3C SecPath F1000-E User Manual

24

To do…

Use the command…

Remarks

Clear IPsec statistics

reset ipsec statistics

Available in user view

IPsec Configuration Examples

Example for Establishing an IPsec Tunnel in Manual Mode

Network requirements

•

As shown in

Figure 6

, an IPsec tunnel is established between Device A and Device B to protect data

flows between subnet 10.1.1.0/24 and subnet 10.1.2.0/24.

•

The security protocol to be used is ESP, encryption algorithm is DES, and authentication algorithm

is SHA1-HMAC-96.

Figure 6 Network diagram for IPsec configuration

Configuration procedure

1.

Configure Device A

# Define an ACL to identify data flows from subnet 10.1.1.0/24 to subnet 10.1.2.0/24.

system-view

[DeviceA] acl number 3101

[DeviceA-acl-adv-3101] rule permit ip source 10.1.1.0 0.0.0.255 destination 10.1.2.0

0.0.0.255

[DeviceA-acl-adv-3101] quit

# Configure a static route to Host B.

[DeviceA] ip route-static 10.1.2.0 255.255.255.0 2.2.2.2

# Create an IPsec proposal named tran1.

[DeviceA] ipsec proposal tran1

# Specify the encapsulation mode as tunnel.

[DeviceA-ipsec-proposal-tran1] encapsulation-mode tunnel

# Specify the security protocol as ESP.

[DeviceA-ipsec-proposal-tran1] transform esp

# Specify the algorithms for the proposal.

[DeviceA-ipsec-proposal-tran1] esp encryption-algorithm des