R3303-HP HSR6800 Routers Security Configuration Guide
84
[GM1] ike proposal 1
# Specify the encryption algorithm AES-CBC 128 for the IKE proposal.
[GM1-ike-proposal-1] encryption-algorithm aes-cbc 128
# Specify the authentication algorithm SHA1 for the IKE proposal.
[GM1-ike-proposal-1] authentication-algorithm sha
# Specify DH group2 for the IKE proposal.
[GM1-ike-proposal-1] dh group2
[GM1-ike-proposal-1] quit
# Create IKE peer toks1.
[GM1] ike peer toks1
# Reference IKE proposal 1 for the IKE peer.
[GM1-ike-peer-toks1] proposal 1
# Configure the pre-shared key used in IKE negotiation as the plaintext string tempkey1.
[GM1-ike-peer-toks1] pre-shared-key simple tempkey1
# Specify the IP address of the IKE peer as 100.1.1.100.
[GM1-ike-peer-toks1] remote-address 100.1.1.100
[GM1-ike-peer-toks1] quit
# Create IKE peer toks2.
[GM1] ike peer toks2
# Reference IKE proposal 1 for the IKE peer.
[GM1-ike-peer-toks2] proposal 1
# Configure the pre-shared key used in IKE negotiation as the plaintext string tempkey1.
[GM1-ike-peer-toks2] pre-shared-key simple tempkey1
# Specify the IP address of the IKE peer as 200.2.2.200.
[GM1-ike-peer-toks2] remote-address 200.2.2.200
[GM1-ike-peer-toks2] quit
# Create GDOI GM group 1.
[GM1] gdoi gm group 1
# Set the GDOI GM group ID to 12345.
[GM1-gdoi-gm-group-1] identity number 12345
# Specify the KS addresses as 100.1.1.100 and 200.2.2.200.
[GM1-gdoi-gm-group-1] server address 100.1.1.100
[GM1-gdoi-gm-group-1] server address 200.2.2.200
[GM1-gdoi-gm-group-1] quit
# Create a GDOI IPsec policy.
[GM1] ipsec policy map 1 gdoi
# Reference GDOI GM group 1 for the GDOI IPsec policy.
[GM1-ipsec-policy-gdoi-map-1] group 1
[GM1-ipsec-policy-gdoi-map-1] quit
# Apply the IPsec policy to interface Ethernet 1/1.
[GM1] interface ethernet 1/1
[GM1-Ethernet1/1] ipsec policy map