210
Configuration procedure
1. Make sure that Router A and Router B can reach each other.
2. Configure Router A:
# Configure ACL 3101 to identify traffic from subnet 10.1.1.0/24 to subnet 10.1.2.0/24.
<RouterA> system-view
[RouterA] acl number 3101
[RouterA-acl-adv-3101] rule permit ip source 10.1.1.0 0.0.0.255 destination 10.1.2.0
0.0.0.255
[RouterA-acl-adv-3101] quit
# Create IPsec transform set tran1.
[RouterA] ipsec transform-set tran1
# Set the packet encapsulation mode to tunnel.
[RouterA-ipsec-transform-set-tran1] encapsulation-mode tunnel
# Use security protocol ESP.
[RouterA-ipsec-transform-set-tran1] transform esp
# Specify encryption and authentication algorithms.
[RouterA-ipsec-transform-set-tran1] esp encryption-algorithm des
[RouterA-ipsec-transform-set-tran1] esp authentication-algorithm sha1
[RouterA-ipsec-transform-set-tran1] quit
# Create IKE peer peer.
[RouterA] ike peer peer
# Set the pre-shared key.
[RouterA-ike-peer-peer] pre-shared-key abcde
# Specify the IP address of the peer security gateway.
[RouterA-ike-peer-peer] remote-address 2.2.2.2
[RouterA-ike-peer-peer] quit
# Create an IKE proposal numbered 10.
[RouterA] ike proposal 10
# Set the authentication algorithm to MD5.
[RouterA-ike-proposal-10] authentication-algorithm md5
# Set the authentication method to pre-shared key.
[RouterA-ike-proposal-10] authentication-method pre-share
# Set the ISAKMP SA lifetime to 5000 seconds.
[RouterA-ike-proposal-10] sa duration 5000
[RouterA-ike-proposal-10] quit
# Create an IPsec policy that uses IKE negotiation.
[RouterA] ipsec policy map1 10 isakmp
# Reference IPsec transform set tran1.
[RouterA-ipsec-policy-isakmp-map1-10] transform-set tran1
# Reference ACL 3101 to identify the protected traffic.
[RouterA-ipsec-policy-isakmp-map1-10] security acl 3101
# Reference IKE peer peer.
[RouterA-ipsec-policy-isakmp-map1-10] ike-peer peer
[RouterA-ipsec-policy-isakmp-map1-10] quit
# Assign an IP address to interface Ethernet 1/2.
[RouterA] interface ethernet 1/2
To Next Page
Loading...
Need help?
General
