R0106-HP MSR Router Series Layer 3 - IP Routing Configuration Guide(V7)
435
[RouterA] ipsec transform-set trans
# Specify the encapsulation mode as transport.
[RouterA-ipsec-transform-set-trans] encapsulation-mode transport
# Specify the ESP encryption and authentication algorithms.
[RouterA-ipsec-transform-set-trans] esp encryption-algorithm 3des-cbc
[RouterA-ipsec-transform-set-trans] esp authentication-algorithm md5
# Specify the AH authentication algorithm.
[RouterA-ipsec-transform-set-trans] ah authentication-algorithm md5
[RouterA-ipsec-transform-set-trans] quit
# Create a manual IPsec profile named profile001.
[RouterA] ipsec profile profile001 manual
# Reference IPsec transform set trans.
[RouterA-ipsec-profile-profile001-manual] transform-set trans
# Configure the inbound and outbound SPIs for AH.
[RouterA-ipsec-profile-profile001-manual] sa spi inbound ah 100000
[RouterA-ipsec-profile-profile001-manual] sa spi outbound ah 100000
# Configure the inbound and outbound SPIs for ESP.
[RouterA-ipsec-profile-profile001-manual] sa spi inbound esp 200000
[RouterA-ipsec-profile-profile001-manual] sa spi outbound esp 200000
# Configure the inbound and outbound SA keys for AH.
[RouterA-ipsec-profile-profile001-manual] sa string-key inbound ah simple abc
[RouterA-ipsec-profile-profile001-manual] sa string-key outbound ah simple abc
# Configure the inbound and outbound SA keys for ESP.
[RouterA-ipsec-profile-profile001-manual] sa string-key inbound esp simple 123
[RouterA-ipsec-profile-profile001-manual] sa string-key outbound esp simple 123
[RouterA-ipsec-profile-profile001-manual] quit
{ On Router B:
# Create an IPsec transform set named trans.
[RouterB] ipsec transform-set trans
# Specify the encapsulation mode as transport.
[RouterB-ipsec-transform-set-trans] encapsulation-mode transport
# Specify the ESP encryption and authentication algorithms.
[RouterB-ipsec-transform-set-trans] esp encryption-algorithm 3des-cbc
[RouterB-ipsec-transform-set-trans] esp authentication-algorithm md5
# Specify the AH authentication algorithm.
[RouterB-ipsec-transform-set-trans] ah authentication-algorithm md5
[RouterB-ipsec-transform-set-trans] quit
# Create a manual IPsec profile named profile001.
[RouterB] ipsec profile profile001 manual
# Reference IPsec transform set trans.
[RouterB-ipsec-profile-profile001-manual] transform-set trans
# Configure the inbound and outbound SPIs for AH.
[RouterB-ipsec-profile-profile001-manual] sa spi inbound ah 100000
[RouterB-ipsec-profile-profile001-manual] sa spi outbound ah 100000