3Com Switch 8800 Family IPsec Module Configuration and Command reference Guide

CHAPTER 10: IPSEC CONFIGURATION
An IPsec policy specifies the security protocol, algorithm and packet
encapsulation format by referencing an IPsec proposal. An IPsec proposal must be
configured before it can be referenced.
Perform the following configuration in system view (Table 133).
The Security Association can be established in manual mode. One IPsec
policy can reference only one IPsec proposal. If an IPsec proposal has already
been configured, it must be removed before a new IPsec proposal can be
configured. On both ends of the security tunnel, the IPsec proposals referenced
by the IPsec policy must use the same security protocol, algorithm and
packet encapsulation mode.
3 Configuring the ACL referenced in the IPsec policy
An IPsec policy references an access control list (ACL). IPsec uses the rules in
this ACL to decide which packets need security protection and which do not:
packets permitted by the ACL are protected, while packets denied by the ACL
are not protected.
Perform the following configuration in IPsec policy view (Table 134).
One IPsec policy can reference only one access control list. If the IPsec policy
references more than one access control list, only the last configured list is valid.
4 Configuring the tunnel start/end point
Generally, tunnels to which IPsec policies are applied are called "security
tunnels". A security tunnel is set up between the local and the peer gateways
(GWs). For the security tunnel to be set up successfully, you must configure the
correct local and peer addresses.
Perform the following configuration in IPsec policy view (Table 135).
Table 133 Use IPsec proposal in IPsec policy

Operation                                              Command
Configure IPsec proposal referenced by IPsec policy    proposal proposal-name1 [ proposal-name2... proposal-name6 ]
Remove IPsec proposal referenced by IPsec policy       undo proposal [ proposal-name ]

Table 134 Configure access control list referenced by IPsec policy

Operation                                                   Command
Configure access control list referenced by IPsec policy    security acl acl-number
Remove access control list referenced by IPsec policy       undo security acl

Table 135 Configure Tunnel start/end point

Operation                                                Command
Configure local address in the IPsec policy              tunnel local ip-address
Delete the local address configured in the IPsec policy  undo tunnel local
Configure peer address in the IPsec policy               tunnel remote ip-address
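
The following is an added example, not part of the 3Com guide: a small Python audit script that replays the IPsec policy view commands from Tables 133 to 135 for two gateways and reports the mistakes the text warns about (a second proposal configured without removing the first, an earlier ACL silently superseded, tunnel addresses that do not mirror each other). The proposal names, ACL numbers and addresses are constructed sample values, and the handling of a second `proposal` command (the former one is kept) is an assumption.

```python
import ipaddress

def effective_policy(commands):
    """Replay IPsec-policy-view commands; return (settings, warnings)."""
    cfg = {"proposal": None, "acl": None, "local": None, "remote": None}
    warnings = []
    for line in commands:
        w = line.split()
        if w[:2] == ["undo", "proposal"]:      # simplification: clears every reference
            cfg["proposal"] = None
        elif w[:1] == ["proposal"]:
            if cfg["proposal"]:                # assumption: the former proposal stays
                warnings.append(f"'{line}' ignored: remove {cfg['proposal']} first")
            else:
                cfg["proposal"] = w[1:]
        elif w[:3] == ["undo", "security", "acl"]:
            cfg["acl"] = None
        elif w[:2] == ["security", "acl"]:
            if cfg["acl"] is not None:         # only the last configured list is valid
                warnings.append(f"acl {cfg['acl']} superseded by acl {w[2]}")
            cfg["acl"] = int(w[2])
        elif w[:3] == ["undo", "tunnel", "local"]:
            cfg["local"] = None
        elif w[:2] in (["tunnel", "local"], ["tunnel", "remote"]):
            cfg[w[1]] = ipaddress.ip_address(w[2])
    return cfg, warnings

def check_pair(a, b):
    """Compare the effective policies of two gateways; return a list of problems."""
    problems = []
    for name, cfg in (("A", a), ("B", b)):
        problems += [f"{name}: no {k} configured" for k, v in cfg.items() if v is None]
    if a["local"] and b["remote"] and a["local"] != b["remote"]:
        problems.append(f"B tunnel remote {b['remote']} != A tunnel local {a['local']}")
    if b["local"] and a["remote"] and b["local"] != a["remote"]:
        problems.append(f"A tunnel remote {a['remote']} != B tunnel local {b['local']}")
    return problems

# Constructed sample input: documentation addresses, hypothetical names and ACL numbers.
GW_A = ["proposal prop1", "security acl 3000", "security acl 3001",
        "tunnel local 192.0.2.1", "tunnel remote 198.51.100.1"]
GW_B = ["proposal propB", "proposal propC", "security acl 3001",
        "tunnel local 198.51.100.1", "tunnel remote 192.0.2.10"]

if __name__ == "__main__":
    (a, warn_a), (b, warn_b) = effective_policy(GW_A), effective_policy(GW_B)
    for msg in warn_a + warn_b + check_pair(a, b):
        print(msg)
```

The script does not compare the proposals' protocol, algorithm and encapsulation settings, because the commands that set them are not covered in this section.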