H3C Technologies H3C SecPath F1000-E User Manual

22

# Assign IP addresses for the interfaces and then add them to the target zones. (Omitted)
# Define an ACL to permit traffic from subnet 10.1.2.0/24 to subnet 10.1.1.0/24.

•

Select Firewall > ACL from the navigation tree, and then click Add.

•

Type 3101 as the ACL number.

•

Select the match order of Config.

•

Click Apply.

•

From the ACL list, select ACL 3101 and click the corresponding icon. Then, click Add to enter the

ACL rule configuration page.

•

Select Permit from the Operation drop-down box.

•

Select the Source IP Address check box and type 10.1.2.0 and 0.0.0.255 respectively in the

following text boxes.

•

Select the Destination IP Address check box and type 10.1.1.0 and 0.0.0.255 respectively

in the following text boxes.

•

Click Apply.

# Configure a static route to Host A.

•

Select Network > Routing Management > Static Routing from the navigation tree, and
then click Add.

•

Type 10.1.1.0 as the destination IP address.

•

Type 255.255.255.0 as the mask.

•

Select GigabitEthernet0/1 as the outbound interface.

•

Click Apply.

# Configure an IPsec proposal named tran1.

•

Select VPN > IPSec > Proposal from the navigation tree and then click Add.

•

Select Custom mode from the IPSec Proposal Configuration Wizard page.

•

Type tran1 as the name of the IPsec proposal.

•

Select Tunnel as the packet encapsulation mode.

•

Select ESP as the security protocol.

•

Select SHA1 as the ESP authentication algorithm.

•

Select DES as the ESP encryption algorithm.

•

Click Apply.

# Configure IKE peer peer.

•

Select VPN > IKE > Peer from the navigation tree and then click Add.

•

Type peer as the peer name.

•

Select Main as the negotiation mode.

•

Type 2.2.2.1 as the IP address of the remote gateway.

•

Select Pre-Shared Key and type abcde as the pre-shared key.

•

Click Apply.

# Configure IPsec policy map1.

•

Select VPN > IPSec > Policy from the navigation tree and then click Add.