Configuration prerequisites, Configuration procedure – H3C Technologies H3C SecPath F1000-E User Manual
• Configure the keys on all routers within the routed network scope in the same format. For example, if you enter the keys in hexadecimal format on one router, do so across the routed network scope.
Configuration prerequisites
Configure ACLs used for identifying protected traffic and IPsec proposals. ACLs are not required for IPsec
policies for an IPv6 protocol.
Configuration procedure
To configure a manual IPsec policy:
1. Enter system view.
   Command: system-view
   Remarks: N/A

2. Create a manual IPsec policy and enter its view.
   Command: ipsec policy policy-name seq-number manual
   Remarks: By default, no IPsec policy exists.

3. Assign an ACL to the IPsec policy.
   Command: security acl acl-number
   Remarks: Not needed for IPsec policies to be applied to IPv6 routing protocols and required for other applications. By default, an IPsec policy references no ACL. The ACL supports match criteria of the VPN instance attribute. An IPsec policy can reference only one ACL. If you apply multiple ACLs to an IPsec policy, only the last one takes effect.

4. Assign an IPsec proposal to the IPsec policy.
   Command: proposal proposal-name
   Remarks: By default, an IPsec policy references no IPsec proposal. A manual IPsec policy can reference only one IPsec proposal. To change an IPsec proposal for an IPsec policy, you must remove the proposal reference first.

5. Configure the local address of the tunnel.
   Command: tunnel local ip-address
   Remarks: Not needed for IPsec policies to be applied to IPv6 routing protocols and required for other applications. Not configured by default.

6. Configure the remote address of the tunnel.
   Command: tunnel remote ip-address
   Remarks: Not configured by default.

7. Configure the SPIs for the SAs.
   Command: sa spi { inbound | outbound } { ah | esp } spi-number
   Remarks: N/A
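A consistency check for the procedure above, added here as an example and not taken from the H3C manual: it parses the manual IPsec policy lines of two peers and reports a second ACL that silently replaces the first, a missing proposal, and tunnel addresses or SPIs that do not mirror the peer's. The mirroring checks assume the general rule for manually keyed SAs that one side's outbound SPI must equal the other side's inbound SPI; all names, numbers and addresses in the sample configurations are constructed.

```python
# Constructed sample configurations for two peers. Policy and proposal names,
# ACL numbers, addresses and SPI values are assumptions, not from the manual.
ROUTER_A = """
ipsec policy map1 10 manual
 security acl 3100
 security acl 3101
 proposal tran1
 tunnel local 192.0.2.1
 tunnel remote 192.0.2.2
 sa spi outbound esp 12345
 sa spi inbound esp 54321
"""
ROUTER_B = """
ipsec policy map1 10 manual
 security acl 3101
 proposal tran1
 tunnel local 192.0.2.2
 tunnel remote 192.0.2.1
 sa spi outbound esp 54321
 sa spi inbound esp 11111
"""

def parse_policy(text):
    """Collect the settings of one manual IPsec policy from CLI lines."""
    p = {"acl": [], "proposal": [], "tunnel": {}, "spi": {}}
    for w in map(str.split, text.splitlines()):
        if w[:2] == ["security", "acl"]:
            p["acl"].append(w[2])
        elif w[:1] == ["proposal"]:
            p["proposal"].append(w[1])
        elif w[:1] == ["tunnel"]:
            p["tunnel"][w[1]] = w[2]            # key is "local" or "remote"
        elif w[:2] == ["sa", "spi"]:
            p["spi"][(w[2], w[3])] = int(w[4])  # key is (direction, protocol)
    return p

def lint(local, peer):
    """Return findings for one policy, checked against its peer."""
    out = []
    if len(local["acl"]) > 1:
        out.append(f"multiple ACLs; only {local['acl'][-1]} takes effect")
    if not local["proposal"]:
        out.append("no IPsec proposal referenced")
    if local["tunnel"].get("remote") != peer["tunnel"].get("local"):
        out.append("tunnel remote does not match peer tunnel local")
    for (direction, proto), spi in local["spi"].items():
        if direction == "outbound" and peer["spi"].get(("inbound", proto)) != spi:
            out.append(f"outbound {proto} SPI {spi} has no matching peer inbound SPI")
    return out
```

Run `lint` in both directions: with the sample data, `lint(A, B)` reports the overridden ACL and the SPI mismatch, while `lint(B, A)` is clean because traffic from B to A is keyed correctly.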