
Verifying the configuration, Network requirements – H3C Technologies H3C SecPath F1000-E User Manual

Select SHA1 as the ESP authentication algorithm.

Select DES as the ESP encryption algorithm.

Click Apply.

# Configure IKE peer peer.

Select VPN > IKE > Peer from the navigation tree and then click Add.

Enter peer as the peer name.

Select Main as the negotiation mode.

Enter 2.2.2.1 as the IP address of the remote gateway.

Select Pre-Shared Key and enter abcde as the pre-shared key.

Click Apply.

# Configure IPsec policy map1.

Select VPN > IPSec > Policy from the navigation tree and then click Add.

Enter map1 as the policy name.

Enter 10 as the sequence number.

Select the IKE peer of peer.

Select the IPsec proposal of tran1 and click <<.

Enter 3101 as the ACL.

Click Apply.

# Apply IPsec policy map1 to GigabitEthernet 0/1.

Select VPN > IPSec > IPSec Application from the navigation tree, and then click the icon of interface GigabitEthernet 0/1.

Select the policy of map1.

Click Apply.

Verifying the configuration

After you complete the configuration, packets to be exchanged between subnet 10.1.1.0/24 and subnet 10.1.2.0/24 trigger the negotiation of SAs by IKE. After IKE negotiation succeeds and the IPsec SAs are established, a static route to subnet 10.1.2.0/24 via 2.2.2.2 is added to the routing table on Device A, and traffic between subnet 10.1.1.0/24 and subnet 10.1.2.0/24 is protected by IPsec.
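The following is an added example, not part of the manual: it models which packets match the protected flow and would therefore trigger SA negotiation, and which leave the interface without IPsec protection. The content of ACL 3101 is not shown on this page, so the rule below is an assumed stand-in, and the names `wildcard_match`, `is_protected`, `mirror` and `classify` are hypothetical.

```python
import ipaddress

# ASSUMPTION: ACL 3101 is not shown on this page. This rule is a constructed
# stand-in for the gateway in front of 10.1.1.0/24, in wildcard-mask form:
#   rule permit ip source 10.1.1.0 0.0.0.255 destination 10.1.2.0 0.0.0.255
ACL_3101 = [("permit", "10.1.1.0", "0.0.0.255", "10.1.2.0", "0.0.0.255")]


def wildcard_match(addr, base, wildcard):
    """True if addr equals base on every bit where the wildcard bit is 0."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (
        int(ipaddress.IPv4Address(base)) & care
    )


def is_protected(src, dst, acl=ACL_3101):
    """First matching rule decides. A permit match means the packet is
    protected by IPsec; a deny match or no match means it is not."""
    for action, s_base, s_wild, d_base, d_wild in acl:
        if wildcard_match(src, s_base, s_wild) and wildcard_match(dst, d_base, d_wild):
            return action == "permit"
    return False


def mirror(acl):
    """Same rules with source and destination swapped, i.e. the selector
    the peer gateway needs for the return direction."""
    return [(act, d, dw, s, sw) for act, s, sw, d, dw in acl]


# Constructed sample packets (source, destination).
SAMPLES = [
    ("10.1.1.5", "10.1.2.9"),    # subnet to subnet
    ("10.1.1.5", "192.0.2.10"),  # subnet to an unrelated host
    ("10.1.3.7", "10.1.2.9"),    # neighbouring subnet, outside the wildcard
]


def classify(samples=SAMPLES, acl=ACL_3101):
    return {pkt: is_protected(*pkt, acl=acl) for pkt in samples}


if __name__ == "__main__":
    for (src, dst), protected in classify().items():
        print(f"{src} -> {dst}: {'IPsec' if protected else 'not protected'}")
```

Only the first sample matches the assumed rule; the other two would be forwarded without IPsec, which is the case to check for when verifying that the ACL covers every flow that is meant to be protected.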

Manual mode IPsec tunnel for IPv4 packets configuration example at the CLI

Network requirements

As shown in Figure 127, configure an IPsec tunnel between SecPath A and SecPath B to protect data flows between subnet 10.1.1.0/24 and subnet 10.1.2.0/24. Configure the tunnel to use the security protocol ESP, the encryption algorithm DES, and the authentication algorithm SHA1-HMAC-96.