Configuration procedure – H3C Technologies H3C SecPath F1000-E User Manual

Figure 7 Network diagram for setting up an IPsec tunnel with IPsec tunnel interfaces

Configuration procedure

1. Configure Device A

# Name the local gateway devicea.

<DeviceA> system-view

[DeviceA] ike local-name devicea

# Configure an IKE peer named atob. Because the local peer obtains its IP address automatically, set the IKE negotiation mode to aggressive.

[DeviceA] ike peer atob

[DeviceA-ike-peer-atob] exchange-mode aggressive

[DeviceA-ike-peer-atob] pre-shared-key simple aabb

[DeviceA-ike-peer-atob] id-type name

[DeviceA-ike-peer-atob] remote-name deviceb

[DeviceA-ike-peer-atob] quit

# Create an IPsec proposal named method1 and keep its defaults: ESP as the security protocol, DES as the encryption algorithm, and MD5 as the authentication algorithm.

[DeviceA] ipsec proposal method1

[DeviceA-ipsec-proposal-method1] quit

# Create an IPsec profile named atob.

[DeviceA] ipsec profile atob

# Configure the IPsec profile to reference the IKE peer.

[DeviceA-ipsec-profile-atob] ike-peer atob

# Configure the IPsec profile to reference the IPsec proposal method1.

[DeviceA-ipsec-profile-atob] proposal method1

[DeviceA-ipsec-profile-atob] quit

# Create tunnel interface Tunnel 1.

[DeviceA] interface tunnel 1

# Assign IPv4 address 10.1.1.1/24 to tunnel interface Tunnel 1.

[DeviceA-Tunnel1] ip address 10.1.1.1 24

# Set the tunnel mode of tunnel interface Tunnel 1 to IPsec over IPv4.

[DeviceA-Tunnel1] tunnel-protocol ipsec ipv4

# Set GigabitEthernet 0/1 as the source interface of tunnel interface Tunnel 1.

[DeviceA-Tunnel1] source gigabitethernet 0/1
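
An added example, not part of the H3C manual: a small Python check that reads a transcript of the IKE and IPsec commands above and reports the choices a reviewer would question before reusing them in production (aggressive mode combined with a pre-shared key, a short key such as aabb, and a proposal left at the DES and MD5 defaults). The function names, the `MIN_PSK_LEN` threshold and the finding strings are assumptions made for this example.

```python
import re

# Constructed input: Device A's IKE/IPsec commands from the procedure above.
SAMPLE = """\
[DeviceA] ike peer atob
[DeviceA-ike-peer-atob] exchange-mode aggressive
[DeviceA-ike-peer-atob] pre-shared-key simple aabb
[DeviceA-ike-peer-atob] id-type name
[DeviceA-ike-peer-atob] remote-name deviceb
[DeviceA-ike-peer-atob] quit
[DeviceA] ipsec proposal method1
[DeviceA-ipsec-proposal-method1] quit
"""
PROMPT = re.compile(r"^\[([^\]]+)\]\s*(.+)$")
MIN_PSK_LEN = 20  # assumption: local policy threshold, not an H3C value

def parse(transcript):
    """Map each configuration view to the commands typed in it."""
    views = {}
    for line in transcript.replace("\u2013", "-").splitlines():
        m = PROMPT.match(line.strip())
        if not m:
            continue
        prompt, cmd = m.groups()
        view = prompt.partition("-")[2]  # empty string means system view
        if view and cmd != "quit":
            views.setdefault(view, []).append(cmd)
        elif not view and cmd.startswith(("ike peer ", "ipsec proposal ")):
            # Entering a view creates the object even if nothing is set in it.
            views.setdefault("-".join(cmd.split()), [])
    return views

def audit(transcript):
    """Return (view, finding) pairs for weak IKE/IPsec choices."""
    findings = []
    for view, cmds in parse(transcript).items():
        if view.startswith("ike-peer-"):
            psk = [c.split()[-1] for c in cmds if c.startswith("pre-shared-key ")]
            # IKEv1 aggressive mode sends the PSK-derived hash before encryption
            # starts, so a captured exchange can be guessed against offline.
            if psk and "exchange-mode aggressive" in cmds:
                findings.append((view, "aggressive mode with pre-shared key"))
            if any(len(k) < MIN_PSK_LEN for k in psk):
                findings.append((view, "short pre-shared key"))
        elif view.startswith("ipsec-proposal-") and not cmds:
            # No explicit settings: the manual's defaults (ESP, DES, MD5) apply.
            findings.append((view, "default proposal: DES and MD5"))
    return findings
```

Calling `audit(SAMPLE)` returns three findings, two for the IKE peer atob and one for the proposal method1.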