R2511-HP MSR Router Series Security Configuration Guide(V5)
478
Configuring KS 1
# Configure IP addresses for interfaces. (Details not shown.)
# Configure IKE proposal 1.
<KS1> system-view
[KS1] ike proposal 1
# Specify the encryption algorithm AES-CBC 128 for IKE proposal 1.
[KS1-ike-proposal-1] encryption-algorithm aes-cbc 128
# Specify the authentication algorithm SHA1 for IKE proposal 1.
[KS1-ike-proposal-1] authentication-algorithm sha
# Specify DH group 2 for IKE proposal 1.
[KS1-ike-proposal-1] dh group2
[KS1-ike-proposal-1] quit
# Create the IKE peer toks2 for IKE negotiation with KS 2.
[KS1] ike peer toks2
# Apply IKE proposal 1 to the IKE peer.
[KS1-ike-peer-toks2] proposal 1
# Configure the pre-shared key as tempkey1 in plaintext.
[KS1-ike-peer-toks2] pre-shared-key simple tempkey1
# Specify the IP address of the IKE peer as 200.2.2.200.
[KS1-ike-peer-toks2] remote-address 200.2.2.200
[KS1-ike-peer-toks2] quit
# Create the IKE peer togm for IKE negotiation with GMs.
[KS1] ike peer togm
# Apply IKE proposal 1 to the IKE peer.
[KS1-ike-peer-togm] proposal 1
# Configure the pre-shared key as tempkey1 in plaintext.
[KS1-ike-peer-togm] pre-shared-key simple tempkey1
[KS1-ike-peer-togm] quit
# Create an IPsec transform set fortek.
[KS1] ipsec transform-set fortek
# Specify the ESP protocol for the IPsec transform set fortek.
[KS1-ipsec-transform-set-fortek] transform esp
# Specify the encryption algorithm AES-CBC 128 for the IPsec transform set fortek.
[KS1-ipsec-transform-set-fortek] esp encryption-algorithm aes-cbc-128
# Specify the authentication algorithm SHA1 for the IPsec transform set fortek.
[KS1-ipsec-transform-set-fortek] esp authentication-algorithm sha1
[KS1-ipsec-transform-set-fortek] quit
# Create an IPsec profile fortek.
[KS1] ipsec profile fortek
# Reference the IPsec transform set fortek for the IPsec profile fortek.
[KS1-ipsec-profile-fortek] transform-set fortek
[KS1-ipsec-profile-fortek] quit