3com 3031 Instruccion De Instalación

■

Hosts 1 and 2 communicate securely, and a security channel is established with 
IKE automatic negotiation between security GWs A and B. 

■

Configure an IKE proposal assigned with the priority level 10 on the security 
GW A and apply the default IKE proposal on the security GW B.

■

Configure authentication key for the proposal using the pre-shared key 
authentication method.

Figure 202   Networking diagram of IKE configuration example

1 Make the following configurations on the security GW A:

a Configure an IKE peer.

[3Com]ike-peer peer

[3Com-ike-peer-peer]pre-shared-key abcde

[3Com-ike-peer-peer]remote-address 171.69.224.33

b Configure an IKE proposal 10.

[3Com]ike proposal 10

c Set the authentication algorithm used by the IKE proposal to MD5.

[3Com-ike-proposal-10]authentication-algorithm md5

d Apply the pre-shared key authentication mode.

[3Com-ike-proposal-10]authentication-method pre-share

e Set the lifetime duration of ISAKMP SA to 5000 seconds.

[3Com-ike-proposal-10]sa duration 5000

2 Make the following configurations on the security GW B:

■

Configure an IKE peer.

[3Com]ike-peer peer

[3Com-ike-peer-peer]pre-shared-key abcde

[3Com-ike-peer-peer]remote-address 202.38.160.1

The configurations made above can ensure the proper IKE negotiation between 
GWs A and B. As GW A is configured with proposal 10 and 
authentication-algorithm md5 but GW B is configured with only a default IKE 
proposal and authentication-algorithm sha, GW B will not have a proposal 

Ethernet

Ethernet

Host 1

Serial 12/0/1

202.38.160.1

Host 2

Internet

Security gateway A

Serial 4/1/2

171.69.224.33

Security gateway B

202.39.1.0

172.70.2.0