R2511-HP MSR Router Series Security Configuration Guide(V5)

# Reference the ACL fortek.
[KS2-gdoi-ks-group-ks2-ipsec-10] security acl name fortek
[KS2-gdoi-ks-group-ks2-ipsec-10] quit
# Specify the peer KS 100.1.1.100.
[KS2-gdoi-ks-group-ks2] peer address 100.1.1.100
# Specify the source address of sent packets as 200.2.2.200.
[KS2-gdoi-ks-group-ks2] source address 200.2.2.200
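# Specify the local priority. (This description says 10000, but the command below sets 100; verify which value is intended before applying it.)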
[KS2-gdoi-ks-group-ks2] local priority 100
# Enable GDOI KS redundancy.
[KS2-gdoi-ks-group-ks2] redundancy enable
Configuring GM 1
# Configure IP addresses for interfaces. (Details not shown.)
# Create IKE proposal 1.
<GM1> system-view
[GM1] ike proposal 1
# Specify the encryption algorithm AES-CBC 128 for the IKE proposal.
[GM1-ike-proposal-1] encryption-algorithm aes-cbc 128
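# Specify the authentication algorithm SHA1 for the IKE proposal. (SHA-1 is a legacy choice; prefer a stronger algorithm if the software release supports one on both peers.)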
[GM1-ike-proposal-1] authentication-algorithm sha
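# Specify DH group2 for the IKE proposal. (Group 2 is the 1024-bit MODP group, which is now considered weak; choose a larger group if both peers support it.)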
[GM1-ike-proposal-1] dh group2
[GM1-ike-proposal-1] quit
# Create IKE peer toks1.
[GM1] ike peer toks1
# Reference IKE proposal 1 for the IKE peer.
[GM1-ike-peer-toks1] proposal 1
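# Configure the pre-shared key used in IKE negotiation as the plaintext string tempkey1. (tempkey1 is an example value; in a deployment use a long, random key, and check how the release stores and displays a key entered with the simple keyword.)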
[GM1-ike-peer-toks1] pre-shared-key simple tempkey1
# Specify the IP address of the IKE peer as 100.1.1.100.
[GM1-ike-peer-toks1] remote-address 100.1.1.100
[GM1-ike-peer-toks1] quit
# Create IKE peer toks2.
[GM1] ike peer toks2
# Reference IKE proposal 1 for the IKE peer.
[GM1-ike-peer-toks2] proposal 1
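# Configure the pre-shared key used in IKE negotiation as the plaintext string tempkey1. (This is the same example key as for IKE peer toks1; the key must match the one configured on the corresponding KS.)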
[GM1-ike-peer-toks2] pre-shared-key simple tempkey1
# Specify the IP address of the IKE peer as 200.2.2.200.
[GM1-ike-peer-toks2] remote-address 200.2.2.200
[GM1-ike-peer-toks2] quit