3com 3031 Instruccion De Instalación
![3com](https://files.manualsbrain.com/attachments/960452ff43b9899cbcffced60c87abf956e7967a/common/fit/150/50/f6ac125d7af2cf40fec58935fa6d4bf71457a57efe50bee91208a434f325/brand_logo.jpeg)
866
C
HAPTER
61: IKE C
ONFIGURATION
[RouterB-ipsec-policy-isakmp-policy-10]security acl 3101
h Quote the IPSec proposal “prop” in the IPSec policy.
[RouterB-ipsec-policy-isakmp-policy-10]proposal prop
i
Access the serial interface S0/0/0 and assign a dynamic IP address to the
interface.
interface.
[RouterB]interface Serial0/0/0
[RouterB-Serial0/0/0]ip address ppp-negotiate
j
Apply the IPSec policy group “policy” on the serial interface S0/0/0.
[RouterB-Serial0/0/0]ipsec policy policy
Typical ADSL+IPSec/
IKE Configuration
Example
IKE Configuration
Example
Networking requirement
The example in this section is a typical application combining IPSec and ADSL,
which can be seen very often in the actual networking.
which can be seen very often in the actual networking.
■
Router B provides access service to all the PCs on the LAN of a company’s
branch on its Ethernet interface, and connects with the DSLAM access end of
the public network to work as the client in PPPoEoA by making use of an ADSL
card. The addresses in the headquarters are private network addresses. The IP
address obtained by Router B dynamically is also a private network address. So
you must enable NAT traversal on both Router A and Router B.
branch on its Ethernet interface, and connects with the DSLAM access end of
the public network to work as the client in PPPoEoA by making use of an ADSL
card. The addresses in the headquarters are private network addresses. The IP
address obtained by Router B dynamically is also a private network address. So
you must enable NAT traversal on both Router A and Router B.
■
The LAN of the company accesses the ATM network via Router A; Router A
assigns IP addresses to the hosts on the LAN of the company’s branch as the
server in PPPoEoA;
assigns IP addresses to the hosts on the LAN of the company’s branch as the
server in PPPoEoA;
■
To ensure information security, IPSec/IKE is adopted to create a security tunnel.
Networking diagram
Figure 204 Networking for the application combining ADSL + IPSec/IKE
Configuration procedure
1 Configure Router A:
a Add the username and password of a local user requiring authentication in the
local database.
[RouterA]local-user test@adsl password simple 123456
b Configure a local IP address pool for address allocation.
[RouterA]ip pool 80 192.168.38.66 192.168.38.78
c Set a name for the local security GW.
[RouterA]ike local-name routerb
d Configure ACL.
ATM
RouterB
RouterA
Branch
Company
ADSL line
atm0/0/0:ppp-
negotiate
atm0/0/0:10.0.0.1
e0/0/0:192.168.0.1
e0/0/0:172.16.0.1