3Com 3031 Installation Instructions
IPSec Configuration
This configuration is used only for a manual mode IPSec policy. The security association key can be input manually by using the following commands. (For an isakmp negotiation IPSec policy, manual key configuration is not required; IKE negotiates the security association key automatically.)

Perform the following in the IPSec Policy View (the commands are listed in Table 911).
On both ends of the security tunnel, the configured Security Association parameters must be consistent. The inbound Security Association SPI and shared secret on the local end must be the same as the outbound Security Association SPI and shared secret on the peer. The outbound Security Association SPI and shared secret on the local end must be the same as the inbound ones on the peer end.
For the character string key and the hex string key, the last one configured is adopted. On both ends of the security tunnel, the shared secret should be input in the same form. If the shared secret is input as a character string on one end and in hex on the other end, the security tunnel cannot be correctly established.
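The two rules above (each local direction must mirror the peer's opposite direction, and both ends must use the same key form, with the last configured form winning) can be checked offline before a tunnel is brought up. The following is an added example, not part of the 3Com manual: the function names and sample configurations are constructed, hex keys are assumed to compare case-insensitively, and SPI values are not checked because the SPI command does not appear on this page.

```python
import re

# The three key commands of Table 911, as typed in IPSec policy view.
KEY_CMD = re.compile(r"^\s*sa (authentication-hex|string-key|encryption-hex) "
                     r"(inbound|outbound) (ah|esp) (\S+)\s*$")

def parse_keys(config_text):
    """Map (direction, protocol) -> {"form": "hex"|"string", "keys": {command: key}}."""
    slots = {}
    for m in filter(None, map(KEY_CMD.match, config_text.splitlines())):
        cmd, direction, proto, key = m.groups()
        form = "string" if cmd == "string-key" else "hex"
        slot = slots.setdefault((direction, proto), {"form": form, "keys": {}})
        if slot["form"] != form:  # the last configured form replaces the earlier one
            slot["form"], slot["keys"] = form, {}
        slot["keys"][cmd] = key.lower() if form == "hex" else key
    return slots

def check_tunnel(local_cfg, peer_cfg):
    """List mismatches; each local direction is compared with the peer's opposite one."""
    local, peer = parse_keys(local_cfg), parse_keys(peer_cfg)
    problems = []
    for l_dir, p_dir in (("inbound", "outbound"), ("outbound", "inbound")):
        protos = {p for d, p in local if d == l_dir} | {p for d, p in peer if d == p_dir}
        for proto in sorted(protos):
            mine, theirs = local.get((l_dir, proto)), peer.get((p_dir, proto))
            where = f"{proto} local {l_dir} / peer {p_dir}"
            if mine is None or theirs is None:
                problems.append(f"{where}: key missing on one end")
            elif mine["form"] != theirs["form"]:
                problems.append(f"{where}: form differs ({mine['form']} vs {theirs['form']})")
            elif mine["keys"] != theirs["keys"]:
                problems.append(f"{where}: key value differs")  # never echo the key itself
    return problems

# Constructed sample configurations; key values are short placeholders, not real keys.
LOCAL_CFG = """\
 sa string-key inbound esp oldsecret
 sa authentication-hex inbound esp 0011AABB
 sa encryption-hex inbound esp 22334455
 sa string-key outbound esp tunnelkey
"""
PEER_CFG = """\
 sa authentication-hex outbound esp 0011aabb
 sa encryption-hex outbound esp 22334455
 sa authentication-hex inbound esp 74756e6e
"""

print("\n".join(check_tunnel(LOCAL_CFG, PEER_CFG)))
```

In the sample, the local inbound ESP key ends up in hex form because the hex commands were configured after the string key, so it matches the peer; the local outbound key is a character string while the peer's inbound key is hex, which is the mismatch the check reports.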
Creating IPSec by using IKE
Following are the configuration tasks for creating an IPSec policy by using IKE.
■ Create IPSec policy by using IKE
■ Configure ACL quoted by the IPSec policy
■ Specify the endpoint of the security tunnel
■ Quote an IPSec proposal in the IPSec policy
■ Configure the lifetime of an SA
■ Configure the PFS feature in negotiation (optional)
Table 911 Configuring key used by security association

Operation                                                          Command
Configure AH protocol authentication key (input in hex form)       sa authentication-hex { inbound | outbound } { ah | esp } hex-key
Configure protocol authentication key (input in character string)  sa string-key { inbound | outbound } { ah | esp } string-key
Configure ESP encryption key (input in hex form)                   sa encryption-hex { inbound | outbound } esp hex-key
Delete configured security association parameter                   undo string-key { inbound | outbound } { ah | esp }
                                                                   undo sa authentication-hex { inbound | outbound } { ah | esp }
                                                                   undo encryption-hex { inbound | outbound } esp

1 Creating an IPSec policy by using IKE
Perform the following in the System View.

Table 912 Creating an IPSec policy

Operation                                                             Command
Create an IPSec policy by using IKE and access the IPSec policy view  ipsec policy policy-name seq-number isakmp