Configuring router – H3C Technologies H3C SecPath F1000-E User Manual

Configuring Router

NOTE:

Assign IPv4 addresses to the interfaces. Make sure that SecPath A, SecPath B, and Router have IP
connectivity between them.

# Create ACL 3101, and add a rule to permit traffic from subnet 10.2.2.0/24 to subnet 10.1.1.0/24.

<Router> system-view

[Router] acl number 3101

[Router-acl-adv-3101] rule permit ip source 10.2.2.0 0.0.0.255 destination 10.1.1.0 0.0.0.255

[Router-acl-adv-3101] quit

# Configure a static route to Host A.

[Router] ip route-static 10.1.1.0 255.255.255.0 192.168.0.1

# Create IPsec proposal tran1.

[Router] ipsec proposal tran1

# Configure the proposal to use the tunnel encapsulation mode.

[Router-ipsec-proposal-tran1] encapsulation-mode tunnel

# Configure the proposal to use the ESP security protocol.

[Router-ipsec-proposal-tran1] transform esp

# Configure ESP to use the DES encryption algorithm and the SHA1 authentication algorithm.

[Router-ipsec-proposal-tran1] esp encryption-algorithm des

[Router-ipsec-proposal-tran1] esp authentication-algorithm sha1

[Router-ipsec-proposal-tran1] quit

# Create and configure IKE peer center.

[Router] ike peer center

[Router-ike-peer-center] pre-shared-key abcde

[Router-ike-peer-center] remote-address 192.168.0.1

[Router-ike-peer-center] quit

# Enable IPsec anti-replay.

[Router] ipsec anti-replay check

# Create an IPsec policy that uses IKE, naming it map1 and setting its sequence number to 10.

[Router] ipsec policy map1 10 isakmp

# Reference IPsec proposal tran1.

[Router-ipsec-policy-isakmp-map1-10] proposal tran1

# Reference ACL 3101.

[Router-ipsec-policy-isakmp-map1-10] security acl 3101

# Reference IKE peer center.

[Router-ipsec-policy-isakmp-map1-10] ike-peer center

[Router-ipsec-policy-isakmp-map1-10] quit

# Apply IPsec policy group map1 to interface Ethernet 1/1.

[Router] interface ethernet 1/1

[Router-Ethernet1/1] ipsec policy map1

[Router-Ethernet1/1] quit
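
The procedure above ties four objects together (ACL 3101, proposal tran1, IKE peer center, policy map1) and selects DES with a five-character pre-shared key. The following audit script is an added example, not part of the H3C manual: it reads a transcript of the commands shown on this page, checks that every object the policy references is defined and that the policy is applied to an interface, and flags the encryption and key settings. The `WEAK_ENC` set, the `MIN_PSK_LEN` threshold and the finding labels are assumptions standing in for a local policy.

```python
import re

# Constructed sample: Router commands from this page, one per line.
TRANSCRIPT = """\
[Router] acl number 3101
[Router] ipsec proposal tran1
[Router-ipsec-proposal-tran1] esp encryption-algorithm des
[Router-ipsec-proposal-tran1] esp authentication-algorithm sha1
[Router] ike peer center
[Router-ike-peer-center] pre-shared-key abcde
[Router] ipsec policy map1 10 isakmp
[Router-ipsec-policy-isakmp-map1-10] proposal tran1
[Router-ipsec-policy-isakmp-map1-10] security acl 3101
[Router-ipsec-policy-isakmp-map1-10] ike-peer center
[Router-Ethernet1/1] ipsec policy map1
"""

LINE = re.compile(r"^\[(?P<view>[^\]]+)\]\s+(?P<cmd>.+)$")
DEFS = {("acl", "number"): "acl", ("ipsec", "proposal"): "proposal", ("ike", "peer"): "ike-peer"}
WEAK_ENC = {"des"}   # assumption: local policy rejects single DES (56-bit key)
MIN_PSK_LEN = 20     # assumption: local policy threshold, not an H3C limit

def audit(transcript):
    defined = {"acl": set(), "proposal": set(), "ike-peer": set(), "policy": set()}
    refs, findings = [], []
    for raw in transcript.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        view, w = m["view"], m["cmd"].split()
        if tuple(w[:2]) in DEFS:
            defined[DEFS[tuple(w[:2])]].add(w[2])
        elif w[:2] == ["ipsec", "policy"] and len(w) > 3:   # name + seq + mode: definition
            defined["policy"].add(w[2])
        elif w[:2] == ["ipsec", "policy"]:                  # name only: applied on an interface
            refs.append(("policy", w[2]))
        elif "-ipsec-policy-" in view and w[0] in ("proposal", "security", "ike-peer"):
            refs.append(("acl" if w[0] == "security" else w[0], w[-1]))
        elif w[:2] == ["esp", "encryption-algorithm"] and w[2] in WEAK_ENC:
            findings.append(f"weak-encryption:{w[2]}")
        elif w[0] == "pre-shared-key" and len(w[-1]) < MIN_PSK_LEN:
            findings.append("short-psk")
    applied = {n for k, n in refs if k == "policy"}
    findings += [f"undefined-{k}:{n}" for k, n in refs if n not in defined[k]]
    findings += [f"unapplied-policy:{n}" for n in sorted(defined["policy"] - applied)]
    return findings

if __name__ == "__main__":
    print(audit(TRANSCRIPT))
```

Any change to the proposal or pre-shared key on Router must be mirrored on the IKE peer at 192.168.0.1, since both ends have to agree on them for the tunnel to come up.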