301
delete
|
tunnel-start
|
tunnel-stop
|
unsupport-exch-type
] *
Displaying and maintaining IKE
Execute display commands in any view and reset commands in user view.
Display configuration information about all IKE
proposals.
display ike proposal
Display information about the current IKE SAs.
display ike sa
[
verbose
[
connection-id
connection-id |
remote-address
[
ipv6
]
remote-address [
vpn-instance
vpn-name ] ] ]
Delete IKE SAs.
[
connection-id ]
Clear IKE MIB statistics.
IKE configuration examples
Main mode IKE with pre-shared key authentication
configuration example
Network requirements
As shown in Figure 91, configure an IPsec tunnel that uses IKE negotiation between Switch A and
Switch B to secure the communication.
Configure Switch A and Switch B to use the default IKE proposal for the IKE negotiation to set up the
IPsec SA. Configure the two switches to use the pre-shared key authentication method.
Figure 91 Network diagram
Configuration procedure
Make sure Switch A and Switch B can reach each other.
1. Configure Switch A:
# Assign an IP address to VLAN-interface 1.
<SwitchA> system-view
[SwitchA] interface vlan-interface 1
[SwitchA-vlan-interface1] ip address 1.1.1.1 255.255.0.0
[SwitchA-vlan-interface1] quit
# Configure ACL 3101 to identify traffic between Switch A and Switch B.
[SwitchA] acl number 3101
[SwitchA-acl-adv-3101] rule 0 permit ip source 1.1.1.1 0 destination 2.2.2.2 0
Internet
Vlan-int
1
1.1.1.1/16
Vlan-int1
2.2.2.2/16
Switch A
Switch B
To Next Page
Loading...
Need help?
General