R2511-HP MSR Router Series Security Configuration Guide(V5)
480
c/TQ0a0g95Khdy+yl4eDKaFiQQ+Kqn4zdzDTDNq7LRtqr7lGQzVw6srfrr71ib7J
yJFdi2RXETEgOS/jE+xGtNqd38F/YzIRPax7NNMK+hAJC2MzdbN/BEoLWOqG7Plm
hvCE3LFxelExLJU+0XfAX77TI2+5LEHBi1UiGLeH08fd1XUQCefARlIxGoRJdtTu
gHP4+NF4PC9B1/GZoAYUp+171p1QwPk0vyU3TXijueqVUpQBUHGxSE0UW+SS1iwL
8vsSLHIwK4aZ77Z1o+Uw1QBoqw9jpubG4gUkX8RII8E8b13I6/QTH78E4/FgAmIQ
HTYnE2RDHXkhPGR5FGJsZnd21XLvd2BEkGGmhTk80nDeiI2XH3D48E6UahQwcam/
q/txd/KsLnp0rpJkc/WhOTprioeLQQEBayixKRWzNLsZt3L6lqYbA01Z1THho+EV
0Ng0EZKQyiRV1j7gsBYFRinbSAsIpeYlr7gDAnBCRJdSfPNBKG+ewg==
-----END RSA PRIVATE KEY-----
# Create the GDOI KS group ks1.
[KS1] gdoi ks group ks1
# Configure the group ID as 12345.
[KS1-gdoi-ks-group-ks1] identity number 12345
# Reference the key pair rsa1.
[KS1-gdoi-ks-group-ks1] rekey authentication public-key rsa rsa1
# Reference the rekey ACL forrekey.
[KS1-gdoi-ks-group-ks1] rekey acl name forrekey
# Create an IPsec policy.
[KS1-gdoi-ks-group-ks1] ipsec 10
# Reference the IPsec profile fortek.
[KS1-gdoi-ks-group-ks1-ipsec-10] profile fortek
# Reference the ACL fortek.
[KS1-gdoi-ks-group-ks1-ipsec-10] security acl name fortek
[KS1-gdoi-ks-group-ks1-ipsec-10] quit
# Specify the peer KS 200.2.2.200.
[KS1-gdoi-ks-group-ks1] peer address 200.2.2.200
# Specify the source address of sent packets as 100.1.1.100.
[KS1-gdoi-ks-group-ks1] source address 100.1.1.100
# Specify the local priority as 10000.
[KS1-gdoi-ks-group-ks1] local priority 10000
# Enable GDOI KS redundancy.
[KS1-gdoi-ks-group-ks1] redundancy enable
[KS1-gdoi-ks-group-ks1] quit
Configuring KS 2
# Configure IP addresses for interfaces. (Details not shown.)
# Configure IKE proposal 1.
<KS2> system-view
[KS2] ike proposal 1
# Specify the encryption algorithm AES-CBC 128 for IKE proposal 1.
[KS2-ike-proposal-1] encryption-algorithm aes-cbc 128
# Specify the authentication algorithm SHA1 for IKE proposal 1.
[KS2-ike-proposal-1] authentication-algorithm sha