296
Displaying and maintaining IKE
Task Command
Remarks
Display IKE DPD information
display ike dpd [ dpd-name ] [ | { begin |
exclude | include } regular-expression ]
Available in any view.
Display IKE peer information
display ike peer [ peer-name ] [ | { begin |
exclude | include } regular-expression ]
Available in any view.
Display IKE SA information
display ike sa [ verbose [ connection-id
connection-id | remote-address
remote-address ] ] [ | { begin | exclude |
include } regular-expression ]
Available in any view.
Display IKE proposal information
display ike proposal [ | { begin | exclude |
include } regular-expression ]
Available in any view.
Clear SAs established by IKE reset ike sa [ connection-id ] Available in user view.
IKE configuration example
Network requirements
As shown in Figure 89, configure an IPsec tunnel that uses IKE negotiation between gateways Switch A
and Switch B to secure the communication between the two switches.
For Switch A, configure an IKE proposal that uses the sequence number 10 and the authentication
algorithm SHA1. Configure Switch B to use the default IKE proposal.
Configure the two routers to use the pre-shared key authentication method.
Figure 89 Network diagram
Configuration procedure
1. Make sure Switch A and Switch B can reach each other.
2. Configure Switch A:
# Assign an IP address to VLAN-interface 1.
<SwitchA> system-view
[SwitchA] interface vlan-interface 1
[SwitchA-vlan-interface1] ip address 1.1.1.1 255.255.255.0
[SwitchA-Vlan-interface1] quit
# Configure ACL 3101 to identify traffic from Switch A to Switch B..
[SwitchA] acl number 3101
[SwitchA-acl-adv-3101] rule 0 permit ip source 1.1.1.1 0 destination 2.2.2.2 0
[SwitchA-acl-adv-3101] rule 1 permit ip source 2.2.2.2 0 destination 1.1.1.1 0
[SwitchA-acl-adv-3101] quit
# Create IPsec proposal tran1.
To Next Page
Loading...
Need help?
General
