Configuring router – H3C Technologies H3C SecPath F1000-E User Manual
Page 231
219
Configuring Router
NOTE:
Assign IPv4 addresses to the interfaces. Make sure that SecPath A, SecPath B, and Router have IP
connectivity between them.
# Create ACL 3101, and add a rule to permit traffic from subnet 10.2.2.0/24 to subnet 10.1.1.0/24.
[Router] acl number 3101
[Router-acl-adv-3101] rule permit ip source 10.2.2.0 0.0.0.255 destination 10.1.1.0
0.0.0.255
[Router-acl-adv-3101] quit
# Configure a static route to Host A.
[Router] ip route-static 10.1.1.0 255.255.255.0 192.168.0.1
# Create IPsec proposal tran1.
[Router] ipsec proposal tran1
# Configure the proposal to use the tunnel encapsulation mode.
[Router-ipsec-proposal-tran1] encapsulation-mode tunnel
# Configure the proposal to use the ESP security protocol.
[Router-ipsec-proposal-tran1] transform esp
# Configure ESP to use the DES encryption algorithm and the SHA1 authentication algorithm.
[Router-ipsec-proposal-tran1] esp encryption-algorithm des
[Router-ipsec-proposal-tran1] esp authentication-algorithm sha1
[Router-ipsec-proposal-tran1] quit
# Create and configure IKE peer center.
[Router] ike peer center
[Router-ike-peer-center] pre-shared-key abcde
[Router-ike-peer-center] remote-address 192.168.0.1
# Enable IPsec anti-replay.
[Router] ipsec anti-replay check
# Create an IPsec policy that use IKE, naming it map1 and setting its sequence number to 10.
[Router] ipsec policy map1 10 isakmp
# Reference IPsec proposal tran1.
[Router-ipsec-policy-isakmp-map1-10] proposal tran1
# Reference ACL 3101.
[Router-ipsec-policy-isakmp-map1-10] security acl 3101
# Reference IKE peer center.
[Router-ipsec-policy-isakmp-map1-10] ike-peer center
[Router-ipsec-policy-isakmp-map1-10] quit
# Apply IPsec policy group map1 to interface Ethernet 1/1.
[Router] interface ethernet 1/1
[Router-Ethernet1/1] ipsec policy map1
[Router-Ethernet1/1] quit
- H3C SecPath F5000-A5 Firewall H3C SecPath F1000-A-EI H3C SecPath F1000-E-SI H3C SecPath F1000-S-AI H3C SecPath F5000-S Firewall H3C SecPath F5000-C Firewall H3C SecPath F100-C-SI H3C SecPath F1000-C-SI H3C SecPath F100-A-SI H3C SecBlade FW Cards H3C SecBlade FW Enhanced Cards H3C SecPath U200-A U200-M U200-S H3C SecPath U200-CA U200-CM U200-CS