3com 3031 Instruccion De Instalación

This configuration is used only for 

 mode IPSec policy. Security association 

key can be input manually by using the following commands. (For 

 

negotiation IPSec policy, manual configuration for key is not required. IKE will 
automatically negotiate security association key.) 

Perform the following in the IPSec Policy View

On both ends of security tunnel, configured Security Association parameters must 
be consistent. Security association SPI and shared secret input on local end must 
be the same as peer output Security Association SPI and shared secret. Security 
association SPI and shared secret output on local end must the same as those 
input on peer end. 

For the character string key and hex string key, the last configured one will be 
adopted. On both ends of security tunnel, shared secret should be input in the 
same form. If shared secret is input in character string on one end and in hex on 
the other end, the security tunnel cannot be correctly established. 

Following are the configuration tasks for creating an IPSec policy by using IKE.

■

Create IPSec policy by using IKE

■

Configure ACL quoted by the IPSec policy

■

Specify the endpoint of the security tunnel

■

Quote an IPSec proposal in the IPSec policy

■

Configure the lifetime of an SA

■

Configure the PFS feature in negotiation (optional)

1 Creating an IPSec policy by using IKE

Perform the following in the System View.

Table 911   Configuring key used by security association

Configure AH protocol authentication 
key

 

(input in hex form)

Configure protocol authentication key

 

(input in character string)

Configure ESP encryption key

 

(input in hex form)

Delete configured security association 
parameter

Table 912   Creating an IPSec policy

Create an IPSec policy by using IKE 
and access the IPSec policy view

ipsec policy policy-name seq-number