3Com 3031 Installation Instructions

866  CHAPTER 61: IKE CONFIGURATION
[RouterB-ipsec-policy-isakmp-policy-10]security acl 3101 
Reference the IPSec proposal “prop” in the IPSec policy.
[RouterB-ipsec-policy-isakmp-policy-10]proposal prop 
i  Access the serial interface S0/0/0 and assign a dynamic IP address to the interface.
[RouterB]interface Serial0/0/0 
[RouterB-Serial0/0/0]ip address ppp-negotiate
j  Apply the IPSec policy group “policy” on the serial interface S0/0/0.
[RouterB-Serial0/0/0]ipsec policy policy 
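An added example, not part of the 3Com manual: a small Python check over a configuration transcript in the prompt format shown above. It flags local users created with `password simple` (the password is kept in cleartext in the configuration) and any `ipsec policy` applied to an interface whose policy view never set `security acl` or `proposal`. The transcript, the `Serial0/0/1` interface and the `backup` policy name are constructed, and hostnames are assumed to contain no hyphen.

```python
import re

# Constructed transcript in this page's prompt format. It is sample input for
# the check, not a complete configuration; Serial0/0/1 and "backup" are made up.
SAMPLE = """\
[RouterA]local-user test@adsl password simple 123456
[RouterB-ipsec-policy-isakmp-policy-10]security acl 3101
[RouterB-ipsec-policy-isakmp-policy-10]proposal prop
[RouterB]interface Serial0/0/0
[RouterB-Serial0/0/0]ip address ppp-negotiate
[RouterB-Serial0/0/0]ipsec policy policy
[RouterB]interface Serial0/0/1
[RouterB-Serial0/0/1]ipsec policy backup
"""

# "[host-view]command": the view is absent at the top level (assumes no "-" in host).
LINE = re.compile(r"^\[(?P<host>[^\]-]+)(?:-(?P<view>[^\]]+))?\](?P<cmd>.*)$")
POLICY_VIEW = re.compile(r"^ipsec-policy-isakmp-(?P<name>.+)-(?P<seq>\d+)$")

def audit(transcript):
    """Return a sorted list of (host, finding) tuples."""
    policies = {}   # (host, policy name) -> settings seen in its policy view
    applied = []    # (host, interface view, policy name)
    findings = []
    for raw in transcript.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        host, view, cmd = m["host"], m["view"] or "", m["cmd"].split()
        pv = POLICY_VIEW.match(view)
        if pv:
            seen = policies.setdefault((host, pv["name"]), set())
            if cmd[:2] == ["security", "acl"]:
                seen.add("security acl")
            elif cmd[:1] == ["proposal"]:
                seen.add("proposal")
        elif view and len(cmd) == 3 and cmd[:2] == ["ipsec", "policy"]:
            applied.append((host, view, cmd[2]))
        elif cmd[:1] == ["local-user"] and cmd[2:4] == ["password", "simple"]:
            # Report the user only; never echo the password itself.
            findings.append((host, f"cleartext password for user {cmd[1]}"))
    for host, iface, name in applied:
        if (host, name) not in policies:
            findings.append((host, f"{iface}: policy '{name}' is not defined"))
            continue
        missing = {"security acl", "proposal"} - policies[(host, name)]
        if missing:
            findings.append((host, f"{iface}: policy '{name}' lacks " + ", ".join(sorted(missing))))
    return sorted(findings)
```

On the constructed transcript, `audit(SAMPLE)` reports the cleartext password on RouterA and the undefined `backup` policy on RouterB; the `policy` group applied to Serial0/0/0 passes because its view set both the ACL and the proposal.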
Typical ADSL+IPSec/IKE Configuration Example
Networking requirement
The example in this section is a typical application combining IPSec and ADSL, 
which is very common in real networks. 
Router B provides access service to all the PCs on the LAN of a company’s 
branch on its Ethernet interface, and connects with the DSLAM access end of 
the public network to work as the client in PPPoEoA by making use of an ADSL 
card. The addresses in the headquarters are private network addresses. The IP 
address obtained by Router B dynamically is also a private network address. So 
you must enable NAT traversal on both Router A and Router B.
The LAN of the company accesses the ATM network via Router A. Router A 
assigns IP addresses to the hosts on the LAN of the company’s branch as the 
server in PPPoEoA.
To ensure information security, IPSec/IKE is adopted to create a secure tunnel.
Networking diagram
Figure 204   Networking for the application combining ADSL + IPSec/IKE
Configuration procedure
Configure Router A:
Add the username and password of a local user requiring authentication in the 
local database.
[RouterA]local-user test@adsl password simple 123456
Configure a local IP address pool for address allocation.
[RouterA]ip pool 80 192.168.38.66 192.168.38.78
Set a name for the local security gateway.
[RouterA]ike local-name routerb
Configure ACL.
[Figure 204 labels: ATM; RouterA; RouterB; Company; Branch; ADSL line; interface labels atm0/0/0:ppp-negotiate, atm0/0/0:10.0.0.1, e0/0/0:192.168.0.1, e0/0/0:172.16.0.1]