
Network requirements – H3C Technologies H3C SecPath F1000-E User Manual


[DeviceB-ipsec-proposal-tran1] transform esp

# Specify the algorithms for the proposal.

[DeviceB-ipsec-proposal-tran1] esp encryption-algorithm des

[DeviceB-ipsec-proposal-tran1] esp authentication-algorithm sha1

[DeviceB-ipsec-proposal-tran1] quit

# Configure the IKE peer.

[DeviceB] ike peer peer

[DeviceB-ike-peer-peer] pre-share-key abcde

[DeviceB-ike-peer-peer] remote-address 2.2.2.1

[DeviceB-ike-peer-peer] quit

# Create an IPsec policy that uses IKE negotiation mode.

[DeviceB] ipsec policy use1 10 isakmp

# Apply the ACL.

[DeviceB-ipsec-policy-isakmp-use1-10] security acl 3101

# Apply the IPsec proposal.

[DeviceB-ipsec-policy-isakmp-use1-10] proposal tran1

# Apply the IKE peer.

[DeviceB-ipsec-policy-isakmp-use1-10] ike-peer peer

[DeviceB-ipsec-policy-isakmp-use1-10] quit

# Configure the IP address of the interface.

[DeviceB] interface gigabitethernet 0/2

[DeviceB-GigabitEthernet0/2] ip address 2.2.3.1 255.255.255.0

# Apply the IPsec policy group to the interface.

[DeviceB-GigabitEthernet0/2] ipsec policy use1

After the above configuration, IKE negotiation is triggered to set up SAs when there is traffic between subnet 10.1.1.0/24 and subnet 10.1.2.0/24. If IKE negotiation succeeds and the SAs are set up, traffic between the two subnets is protected by IPsec.
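
The following is an added example, not part of the H3C manual: a Python check that parses a session transcript like the DeviceB one above and flags the single-DES ESP proposal, the short pre-shared key, and any IPsec policy that references them. The transcript is constructed from the commands on this page; the 20-character key minimum and the assumption that the hostname contains no hyphen are choices of this example.

```python
import re

# Constructed sample: the DeviceB commands from this page as a session transcript.
SAMPLE = """\
[DeviceB-ipsec-proposal-tran1] transform esp
[DeviceB-ipsec-proposal-tran1] esp encryption-algorithm des
[DeviceB-ipsec-proposal-tran1] esp authentication-algorithm sha1
[DeviceB] ike peer peer
[DeviceB-ike-peer-peer] pre-share-key abcde
[DeviceB-ike-peer-peer] remote-address 2.2.2.1
[DeviceB] ipsec policy use1 10 isakmp
[DeviceB-ipsec-policy-isakmp-use1-10] security acl 3101
[DeviceB-ipsec-policy-isakmp-use1-10] proposal tran1
[DeviceB-ipsec-policy-isakmp-use1-10] ike-peer peer
"""

LINE = re.compile(r"^\[(?P<view>[^\]]+)\]\s+(?P<cmd>.+)$")
WEAK_ENC = {"des"}   # assumption: local policy rejects single DES (56-bit key)
MIN_PSK_LEN = 20     # assumption: local policy minimum, not an H3C limit

def parse(transcript):
    """Return {view: {command keywords: last argument}} per CLI view."""
    views = {}
    for raw in transcript.splitlines():
        m = LINE.match(raw.strip())
        if not m or m["cmd"].strip() == "quit":
            continue
        view = m["view"].partition("-")[2]   # drop hostname; "" is system view
        key, _, value = m["cmd"].strip().rpartition(" ")
        views.setdefault(view, {})[key] = value
    return views

def audit(transcript):
    """Return {view: finding} for weak proposals, peers and dependent policies."""
    views, findings = parse(transcript), {}
    for view, cfg in views.items():
        enc, psk = cfg.get("esp encryption-algorithm"), cfg.get("pre-share-key")
        if view.startswith("ipsec-proposal-") and enc in WEAK_ENC:
            findings[view] = "weak ESP encryption: " + enc
        if view.startswith("ike-peer-") and psk is not None and len(psk) < MIN_PSK_LEN:
            # Report the length problem only; never echo the key itself.
            findings[view] = f"pre-shared key shorter than {MIN_PSK_LEN} characters"
    # Second pass: a policy inherits the weaknesses of the objects it references.
    for view, cfg in views.items():
        if view.startswith("ipsec-policy-"):
            refs = ["ipsec-proposal-" + cfg.get("proposal", ""),
                    "ike-peer-" + cfg.get("ike-peer", "")]
            bad = [r for r in refs if r in findings]
            if bad:
                findings[view] = "references " + ", ".join(bad)
    return findings
```
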

Example for Configuring IPsec with IPsec Tunnel Interfaces

Network requirements

As shown in Figure 7, the gateway of the branch accesses the Internet through a dial-up line and obtains its IP address dynamically, while the headquarters accesses the Internet by using a fixed IP address. The requirements are as follows:

Traffic between the branch and headquarters is transmitted through an IPsec tunnel.

The IPsec configuration of the headquarters gateway remains relatively stable despite changes to the branch's private IP address segment.

To meet the requirements, configure an IPsec tunnel interface on each device and configure a static route on each device to route the packets destined for the peer to the IPsec tunnel interface for IPsec protection.