R3303-HP HSR6800 Routers Security Configuration Guide
85
[GM1-Ethernet1/1] quit
Configuring GM 2
# Configure IP addresses for interfaces. (Details not shown.)
# Create IKE proposal 1.
<GM2> system-view
[GM2] ike proposal 1
# Specify the encryption algorithm AES-CBC 128 for the IKE proposal.
[GM2-ike-proposal-1] encryption-algorithm aes-cbc 128
# Specify the authentication algorithm SHA1 for the IKE proposal.
[GM2-ike-proposal-1] authentication-algorithm sha
# Specify DH group2 for the IKE proposal.
[GM2-ike-proposal-1] dh group2
[GM2-ike-proposal-1] quit
# Create IKE peer toks1.
[GM2] ike peer toks1
# Reference IKE proposal 1 for the IKE peer.
[GM2-ike-peer-toks1] proposal 1
# Configure the pre-shared key used in IKE negotiation as the plaintext string tempkey1.
[GM2-ike-peer-toks1] pre-shared-key simple tempkey1
# Specify the IP address of the IKE peer as 100.1.1.100.
[GM2-ike-peer-toks1] remote-address 100.1.1.100
[GM2-ike-peer-toks1] quit
# Create IKE peer toks2.
[GM2] ike peer toks2
# Reference IKE proposal 1 for the IKE peer.
[GM2-ike-peer-toks2] proposal 1
# Configure the pre-shared key used in IKE negotiation as the plaintext string tempkey1.
[GM2-ike-peer-toks2] pre-shared-key simple tempkey1
# Specify the IP address of the IKE peer as 200.2.2.200.
[GM2-ike-peer-toks2] remote-address 200.2.2.200
[GM2-ike-peer-toks2] quit
# Create GDOI GM group 1.
[GM2] gdoi gm group 1
# Set the GDOI GM group ID to 12345.
[GM2-gdoi-gm-group-1] identity number 12345
# Specify the KS addresses as 100.1.1.100 and 200.2.2.200.
[GM2-gdoi-gm-group-1] server address 100.1.1.100
[GM2-gdoi-gm-group-1] server address 200.2.2.200
[GM2-gdoi-gm-group-1] quit
# Create a GDOI IPsec policy.
[GM2] ipsec policy map 1 gdoi