Configuring secpath b – H3C Technologies H3C SecPath F1000-E User Manual

202

# Apply the IPsec proposal.

[SecPathA-ipsec-policy-isakmp-map1-10] proposal tran1

# Apply the ACL.

[SecPathA-ipsec-policy-isakmp-map1-10] security acl 3101

# Apply the IKE peer.

[SecPathA-ipsec-policy-isakmp-map1-10] ike-peer peer

[SecPathA-ipsec-policy-isakmp-map1-10] quit

# Configure the IP address of the GigabitEthernet interface.

[SecPathA] interface GigabitEthernet 0/2

[SecPathA-GigabitEthernet0/2] ip address 2.2.2.1 255.255.255.0

# Apply the IPsec policy group to the interface.

[SecPathA-GigabitEthernet0/2] ipsec policy map1

Configuring SecPath B

# Define an ACL to identify data flows from subnet 10.1.2.0/24 to subnet 10.1.1.0/24.

system-view

[SecPathB] acl number 3101

[SecPathB-acl-adv-3101] rule permit ip source 10.1.2.0 0.0.0.255 destination 10.1.1.0

0.0.0.255

[SecPathB-acl-adv-3101] quit

# Configure a static route to Host A.

[SecPathB] ip route-static 10.1.1.0 255.255.255.0 GigabitEthernet 0/2

# Create an IPsec proposal named tran1.

[SecPathB] ipsec proposal tran1

# Specify the encapsulation mode as tunnel.

[SecPathB-ipsec-proposal-tran1] encapsulation-mode tunnel

# Specify the security protocol as ESP.

[RouterB-ipsec-proposal-tran1] transform esp

# Specify the algorithms for the proposal.

[SecPathB-ipsec-proposal-tran1] esp encryption-algorithm des

[SecPathB-ipsec-proposal-tran1] esp authentication-algorithm sha1

[SecPathB-ipsec-proposal-tran1] quit

# Configure the IKE peer.

[SecPathB] ike peer peer

[SecPathB-ike-peer-peer] pre-shared-key abcde

[SecPathB-ike-peer-peer] remote-address 2.2.2.1

[SecPathB-ike-peer-peer] quit

# Create an IPsec policy that uses IKE for IPsec SA negotiation.

[SecPathB] ipsec policy use1 10 isakmp

# Apply the ACL.

[SecPathB-ipsec-policy-isakmp-use1-10] security acl 3101

# Apply the IPsec proposal.

[SecPathB-ipsec-policy-isakmp-use1-10] proposal tran1

# Apply the IKE peer.