Step                                      Command                          Remark
2. Disable Next payload field checking.   ike next-payload check disabled  Enabled by default.
Displaying and maintaining IKE
Task                               Command                                                                                                                                            Remarks
Display IKE DPD information.       display ike dpd [ dpd-name ] [ | { begin | exclude | include } regular-expression ]                                                                Available in any view.
Display IKE peer information.      display ike peer [ peer-name ] [ | { begin | exclude | include } regular-expression ]                                                              Available in any view.
Display IKE SA information.        display ike sa [ verbose [ connection-id connection-id | remote-address remote-address ] ] [ | { begin | exclude | include } regular-expression ]  Available in any view.
Display IKE proposal information.  display ike proposal [ | { begin | exclude | include } regular-expression ]                                                                        Available in any view.
Clear SAs established by IKE.      reset ike sa [ connection-id ]                                                                                                                     Available in user view.
IKE configuration examples
Configuring main mode IKE with pre-shared key authentication
Network requirements
As shown in Figure 66, configure an IPsec tunnel that uses IKE negotiation between Router A and
Router B to secure the communication between subnet 10.1.1.0/24 and subnet 10.1.2.0/24.
For Router A, configure an IKE proposal that uses the sequence number 10 and the authentication
algorithm MD5. Leave Router B with only the default IKE proposal. Configure the two routers to use
the pre-shared key authentication method.
Figure 66 Network diagram
[Figure: Host A (10.1.1.2/24) connects to Router A Eth1/2 (10.1.1.1/24); Router A Eth1/1 (1.1.1.1/16) connects across the Internet to Router B Eth1/1 (2.2.2.2/16); Router B Eth1/2 (10.1.2.1/24) connects to Host B (10.1.2.2/24).]