320
IPsec configuration examples
Configuring a manual mode IPsec tunnel for IPv4 packets
Network requirements
As shown in Figure 92, establish an IPsec tunnel between Switch A and Switch B to protect data
flows between the switches. Configure the tunnel as follows:
• Specify the encapsulation mode as tunnel, the security protocol as ESP, the encryption
algorithm as AES-CBC-192, and the authentication algorithm as HMAC-SHA1.
• Manually set up IPsec SAs.
Figure 92 Network diagram
Configuration procedure
1. Configure Switch A:
# Configure an IP address for VLAN-interface 1.
<SwitchA> system-view
[SwitchA] interface vlan-interface 1
[SwitchA-Vlan-interface1] ip address 2.2.2.1 255.255.255.0
[SwitchA-Vlan-interface1] quit
# Configure an IPv4 advanced ACL to identify the data flows between Switch A and Switch B.
[SwitchA] acl advanced 3101
[SwitchA-acl-ipv4-adv-3101] rule 0 permit ip source 2.2.2.1 0 destination 2.2.3.1 0
[SwitchA-acl-ipv4-adv-3101] quit
# Create an IPsec transform set named tran1.
[SwitchA] ipsec transform-set tran1
# Specify the encapsulation mode as tunnel.
[SwitchA-ipsec-transform-set-tran1] encapsulation-mode tunnel
# Specify the security protocol as ESP.
[RouterA-ipsec-transform-set-tran1] protocol esp
# Specify the ESP encryption and authentication algorithms.
[SwitchA-ipsec-transform-set-tran1] esp encryption-algorithm aes-cbc-192
[SwitchA-ipsec-transform-set-tran1] esp authentication-algorithm sha1
[SwitchA-ipsec-transform-set-tran1] quit
# Create a manual IPsec policy entry. Specify the policy name as map1 and set the sequence
number to 10.
[SwitchA] ipsec policy map1 10 manual
# Specify ACL 3101.
[SwitchA-ipsec-policy-manual-map1-10] security acl 3101
# Specify IPsec transform set tran1.
[SwitchA-ipsec-policy-manual-map1-10] transform-set tran1
# Specify the remote IP address of the IPsec tunnel as 2.2.3.1.
[SwitchA-ipsec-policy-manual-map1-10] remote-address 2.2.3.1
To Next Page
Loading...
