3com 3031 Instruccion De Instalación
![3com](https://files.manualsbrain.com/attachments/960452ff43b9899cbcffced60c87abf956e7967a/common/fit/150/50/f6ac125d7af2cf40fec58935fa6d4bf71457a57efe50bee91208a434f325/brand_logo.jpeg)
Typical Configuration of IKE
863
Typical Configuration
of IKE
of IKE
Networking requirement
■
Hosts 1 and 2 communicate securely, and a security channel is established with
IKE automatic negotiation between security GWs A and B.
IKE automatic negotiation between security GWs A and B.
■
Configure an IKE proposal assigned with the priority level 10 on the security
GW A and apply the default IKE proposal on the security GW B.
GW A and apply the default IKE proposal on the security GW B.
■
Configure authentication key for the proposal using the pre-shared key
authentication method.
authentication method.
Networking diagram
Figure 202 Networking diagram of IKE configuration example
Configuration procedure
1 Make the following configurations on the security GW A:
a Configure an IKE peer.
[3Com]ike-peer peer
[3Com-ike-peer-peer]pre-shared-key abcde
[3Com-ike-peer-peer]remote-address 171.69.224.33
b Configure an IKE proposal 10.
[3Com]ike proposal 10
c Set the authentication algorithm used by the IKE proposal to MD5.
[3Com-ike-proposal-10]authentication-algorithm md5
d Apply the pre-shared key authentication mode.
[3Com-ike-proposal-10]authentication-method pre-share
e Set the lifetime duration of ISAKMP SA to 5000 seconds.
[3Com-ike-proposal-10]sa duration 5000
2 Make the following configurations on the security GW B:
■
Configure an IKE peer.
[3Com]ike-peer peer
[3Com-ike-peer-peer]pre-shared-key abcde
[3Com-ike-peer-peer]remote-address 202.38.160.1
The configurations made above can ensure the proper IKE negotiation between
GWs A and B. As GW A is configured with proposal 10 and
authentication-algorithm md5 but GW B is configured with only a default IKE
proposal and authentication-algorithm sha, GW B will not have a proposal
GWs A and B. As GW A is configured with proposal 10 and
authentication-algorithm md5 but GW B is configured with only a default IKE
proposal and authentication-algorithm sha, GW B will not have a proposal
Ethernet
Ethernet
Host 1
Serial 12/0/1
202.38.160.1
Host 2
Internet
Security gateway A
Serial 4/1/2
171.69.224.33
Security gateway B
202.39.1.0
172.70.2.0