[RouterB] ipsec policy map1 local-address loopback 0
# Apply the shared source interface policy group to interface Ethernet 1/1.
[RouterB] interface ethernet 1/1
[RouterB-Ethernet1/1] ip address 2.2.2.3 24
[RouterB-Ethernet1/1] ipsec policy map1
[RouterB-Ethernet1/1] quit
# Apply the shared source interface policy group to interface Ethernet 1/2.
[RouterB] interface ethernet 1/2
[RouterB-Ethernet1/2] ip address 4.4.4.5 24
[RouterB-Ethernet1/2] ipsec policy map1
[RouterB-Ethernet1/2] quit
# Configure interface Ethernet 1/3.
[RouterB] interface ethernet 1/3
[RouterB-Ethernet1/3] ip address 10.1.2.1 24
[RouterB-Ethernet1/3] quit
# Configure a static route to Host A.
[RouterB] ip route-static 10.1.1.0 255.255.255.0 ethernet 1/1 2.2.2.2
[RouterB] ip route-static 10.1.1.0 255.255.255.0 ethernet 1/2 4.4.4.4
# Configure a static route to interface Loopback 0 on Host B.
[RouterB] ip route-static 1.1.1.0 255.255.255.0 ethernet 1/1 2.2.2.2
[RouterB] ip route-static 1.1.1.0 255.255.255.0 ethernet 1/2 4.4.4.4
3. Verify the configuration:
After the configuration, IKE negotiation is triggered to set up SAs when there is traffic between
subnet 10.1.1.0/24 and subnet 10.1.2.0/24. Physical interfaces Ethernet 1/1 and Ethernet 1/2
will use the shared source interface to negotiate IPsec SAs dynamically.
# Execute the display ipsec sa command. The output shows that the local and remote addresses
of the IPsec tunnel are the IP addresses of the two shared source interfaces.
[RouterA] display ipsec sa
===============================
Interface: LoopBack0
path MTU: 1536
===============================
-----------------------------
IPsec policy name: "map1"
sequence number: 10
acl version: ACL4
mode: isakmp
-----------------------------
PFS: N, DH group: none
tunnel:
local address: 1.1.1.1
remote address: 3.3.3.3
flow :
sour addr: 10.1.1.0/255.255.255.0 port: 0 protocol: IP
dest addr: 10.1.2.0/255.255.255.0 port: 0 protocol: IP
…
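The verification step can be scripted. The following is an added example, not part of the original guide: it parses a saved copy of the display ipsec sa output, confirms that the tunnel endpoints are the shared source interface addresses, and reports the "PFS: N" setting. The function names are hypothetical, and the text is assumed to hold a single SA block.

```python
import re

# Constructed sample: a subset of the lines in the display ipsec sa output above.
SAMPLE = """\
Interface: LoopBack0
path MTU: 1536
IPsec policy name: "map1"
PFS: N, DH group: none
tunnel:
local address: 1.1.1.1
remote address: 3.3.3.3
flow :
sour addr: 10.1.1.0/255.255.255.0 port: 0 protocol: IP
dest addr: 10.1.2.0/255.255.255.0 port: 0 protocol: IP
"""

FIELDS = {
    "interface": r"^\s*Interface:\s*(\S+)",
    "policy": r'^\s*IPsec policy name:\s*"([^"]+)"',
    "pfs": r"^\s*PFS:\s*(\w+)",
    "local": r"^\s*local\s+address:\s*(\S+)",
    "remote": r"^\s*remote\s+address:\s*(\S+)",
}

def parse_sa(text):
    """Return the first value of each field (None if the field is absent)."""
    sa = {}
    for name, pattern in FIELDS.items():
        m = re.search(pattern, text, re.MULTILINE)
        sa[name] = m.group(1) if m else None
    return sa

def audit_sa(sa, local_ip, remote_ip):
    """List deviations from the expected shared source interface tunnel."""
    findings = [f"{k} missing from output" for k, v in sa.items() if v is None]
    if sa["local"] and sa["local"] != local_ip:
        findings.append(f"local endpoint {sa['local']} is not {local_ip}")
    if sa["remote"] and sa["remote"] != remote_ip:
        findings.append(f"remote endpoint {sa['remote']} is not {remote_ip}")
    # Without PFS, IPsec SA keys are derived from the IKE SA's keying material.
    if sa["pfs"] == "N":
        findings.append("PFS is disabled (PFS: N)")
    return findings

if __name__ == "__main__":
    for finding in audit_sa(parse_sa(SAMPLE), "1.1.1.1", "3.3.3.3"):
        print(finding)
```

A remote address equal to a physical interface address such as 2.2.2.3 would mean the SA was not negotiated from the shared source interface.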