R3303-HP HSR6800 Routers Security Configuration Guide

# Create IPsec policy 10 for the GDOI KS group.
[KS1-gdoi-ks-group-ks1] ipsec 10
# Reference the IPsec profile fortek.
[KS1-gdoi-ks-group-ks1-ipsec-10] profile fortek
# Reference the ACL fortek.
[KS1-gdoi-ks-group-ks1-ipsec-10] security acl name fortek
[KS1-gdoi-ks-group-ks1-ipsec-10] quit
# Specify the peer KS 200.2.2.200.
[KS1-gdoi-ks-group-ks1] peer address 200.2.2.200
# Specify the source address of sent packets as 100.1.1.100.
[KS1-gdoi-ks-group-ks1] source address 100.1.1.100
# Specify the local priority as 10000.
[KS1-gdoi-ks-group-ks1] local priority 10000
# Enable KS redundancy.
[KS1-gdoi-ks-group-ks1] redundancy enable
[KS1-gdoi-ks-group-ks1] quit
Configuring KS 2
# Configure IP addresses for interfaces. (Details not shown.)
# Configure IKE proposal 1.
<KS2> system-view
[KS2] ike proposal 1
# Specify the encryption algorithm AES-CBC 128 for IKE proposal 1.
[KS2-ike-proposal-1] encryption-algorithm aes-cbc 128
# Specify the authentication algorithm SHA-1 (keyword sha) for IKE proposal 1.
[KS2-ike-proposal-1] authentication-algorithm sha
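# Specify DH group 2 (1024-bit MODP) for IKE proposal 1. SHA-1 and DH group 2 are legacy choices; where every KS and GM in the group supports them, prefer a stronger hash and a larger DH group, configured identically on all peers.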
[KS2-ike-proposal-1] dh group2
[KS2-ike-proposal-1] quit
# Create the IKE peer toks1 for IKE negotiation with KS 1.
[KS2] ike peer toks1
# Apply IKE proposal 1 to the IKE peer.
[KS2-ike-peer-toks1] proposal 1
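# Configure the pre-shared key as tempkey1, entered in plaintext (keyword simple). tempkey1 is an example value; in a deployment, use a long, random key unique to this peer pair, and configure the same key on KS 1 for its IKE peer to KS 2.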
[KS2-ike-peer-toks1] pre-shared-key simple tempkey1
# Specify the IP address of the IKE peer as 100.1.1.100.
[KS2-ike-peer-toks1] remote-address 100.1.1.100
[KS2-ike-peer-toks1] quit
# Create the IKE peer togm for IKE negotiation with GMs.
[KS2] ike peer togm
# Apply IKE proposal 1 to the IKE peer.
[KS2-ike-peer-togm] proposal 1