R0106-HP MSR Router Series Security Configuration Guide(V7)
271
# Specify the ESP encryption and authentication algorithms.
[RouterB-ipsec-transform-set-tran1] esp encryption-algorithm aes-cbc-128
[RouterB-ipsec-transform-set-tran1] esp authentication-algorithm sha1
[RouterB-ipsec-transform-set-tran1] quit
# Create a manual IPsec policy entry with the name use1 and the sequence number 10.
[RouterB] ipsec policy use1 10 manual
# Apply ACL 3101.
[RouterB-ipsec-policy-manual-use1-10] security acl 3101
# Apply IPsec transform set tran1.
[RouterB-ipsec-policy-manual-use1-10] transform-set tran1
# Specify the remote IP address of the IPsec tunnel as 2.2.2.1.
[RouterB-ipsec-policy-manual-use1-10] remote-address 2.2.2.1
# Configure the inbound and outbound SPIs for ESP.
[RouterB-ipsec-policy-manual-use1-10] sa spi outbound esp 54321
[RouterB-ipsec-policy-manual-use1-10] sa spi inbound esp 12345
# Configure the inbound and outbound SA keys for ESP.
[RouterB-ipsec-policy-manual-use1-10] sa string-key outbound esp simple gfedcba
[RouterB-ipsec-policy-manual-use1-10] sa string-key inbound esp simple abcdefg
[RouterB-ipsec-policy-manual-use1-10] quit
# Apply the IPsec policy use1 to interface GigabitEthernet 2/1/2.
[RouterB] interface gigabitethernet 2/1/2
[RouterB-GigabitEthernet2/1/2] ipsec policy use1
[RouterB-GigabitEthernet2/1/2] quit
Verifying the configuration
After the configuration is completed, an IPsec tunnel between Router A and Router B is established, and
the traffic between subnet 10.1.1.0/24 and subnet 10.1.2.0/24 is IPsec protected. This example uses
Router A to verify the configuration.
# Use the display ipsec sa command to display IPsec SAs on Router A.
[RouterA] display ipsec sa
-------------------------------
Interface: GigabitEthernet2/1/2
-------------------------------
-----------------------------
IPsec policy: map1
Sequence number: 10
Mode: manual
-----------------------------
Tunnel id: 549
Encapsulation mode: tunnel
Path MTU: 1443
Tunnel:
local address: 2.2.2.1
remote address: 2.2.3.1
Flow:
as defined in ACL 3101