3com 3031 Instruccion De Instalación
Typical IPSec Configuration Examples
847
Typical IPSec
Configuration
Examples
Configuration
Examples
This section describes the following example configurations.
■
■
Establishing Security
Association Manually
Networking requirement
A security tunnel will be configured between Router A and Router B. Data flow
security protection will be setup between sub-network (10.1.1.x) represented by
PC A and sub-network (10.1.2.x) represented by PC B. Security protocol used is
ESP and encryption algorithm is DES. The authentication method is
SHA1-HMAC-96.
security protection will be setup between sub-network (10.1.1.x) represented by
PC A and sub-network (10.1.2.x) represented by PC B. Security protocol used is
ESP and encryption algorithm is DES. The authentication method is
SHA1-HMAC-96.
Networking diagram
Figure 200 Diagram for IPSec configuration
Configuration procedure
1 Router A will be configured as follows:
a Configure an access control list, defining data flow from sub-network 10.1.1.x
to sub-network 10.1.2.x.
[3Com]acl number 3101
[3Com-acl-adv-3101]rule permit ip source 10.1.1.0 0.0.0.255
destination 10.1.2.0 0.0.0.255
[3Com-acl-adv-3101]rule deny ip source any destination any
b Configure the static route to PC B.
[3Com]ip route-static 10.1.2.0 255.255.255.0 202.38.162.1
c Establish IPSec proposal, and the name is tran1.
Delete Security Association
display ipsec policy-template [ brief |
name policy-name [ seq-number ] ]
Enable IPSec debugging function
debugging ipsec { sa | packet [ policy
policy-name [ seq-number ] | parameters
ip-address protocol spi-number ] | misc }
Disable IPSec debugging function
undo debugging ipsec { sa | packet
[ policy policy-name [ seq-number ] |
parameters ip-address protocol
spi-number ] | misc }
Table 924 Displaying and debugging IPSec
Operation
Command
PC A
10.1.1.2
10.1.1.1
PC B
10.1.2.2
RouterA
Internet
Serial4/1/2
202.38.162.1
Serial2/0/1
202.38.163.1
RouterB
10.1.2.1