beautypg.com

Network requirements, Configuration procedure – H3C Technologies H3C SecPath F1000-E User Manual

Page 177

background image

13

[DeviceB] ipsec policy policy 10 isakmp

# Configure the IPsec policy to reference the IKE peer.

[DeviceB-ipsec-policy-isakmp-policy-10] ike-peer peer

# Configure the IPsec policy to reference ACL 3101.

[DeviceB-ipsec-policy-isakmp-policy-10] security acl 3101

# Configure the IPsec policy to reference IPsec proposal prop.

[DeviceB-ipsec-policy-isakmp-policy-10] proposal prop

[DeviceB-ipsec-policy-isakmp-policy-10] quit

# Configure dynamic IP address negotiation for interface Serial 2/0.

[DeviceB] interface serial 2/0

[DeviceB-Serial2/0] ip address ppp-negotiate

# Apply the IPsec policy group to interface Serial 2/0.

[DeviceB-Serial2/0] ipsec policy policy

Example for Configuring IPsec/IKE to Work with ADSL

Network requirements

Deploying IPsec in combination with ADSL, this example reflects a popular application of IPsec.

As shown in

Figure 13

, Device B is connected to the DLSAM access side of the public network

directly through ADSL as the client of PPPoE. Because Device B can obtain only private address from

its ISP, you need to configure NAT traversal on both Device A and Device B.

The headquarters LAN is connected to the network through Device A.

To ensure information security, IPsec/IKE is adopted to create an IPsec tunnel.

Figure 13 Network diagram of IPsec/IKE with ADSL

Configuration procedure

1.

Configure Device A

# Specify a name for the local security gateway.

system-view

[DeviceA] ike local-name devicea

# Configure an ACL.

[DeviceA] acl number 3101

[DeviceA-acl-adv-3101] rule 0 permit ip source 172.16.0.0 0.0.0.255 destination

192.168.0.0 0.0.0.255

[DeviceA-acl-adv-3101] quit

# Configure an IKE proposal.