3Com Switch 8800 Family IPsec Module Configuration and Command reference Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve 8116fl Redundant Switch Fabric Module

161

162

163

164

165

166

167

168

169

170

168 CHAPTER 10: IPSEC CONFIGURATION

[Router] acl number 3000

[Router-acl-adv-3000] rule permit ip source 20.0.0.0 0.0.0.255

destination 10.0.0.0 0.0.0.255

[Router-acl-adv-3000] quit

# Configure the IPsec IKE.

[Router] ike peer same

[Router-ike-peer-same] pre-shared-key 3com

[Router-ike-peer-same] remote-address 50.0.0.254

[Router] quit

# Configure the IPsec proposal.

[Router] ipsec proposal tran

[Router-ipsec-proposal-tran] encapsulation-mode Tunnel

[Router-ipsec-proposal-tran] transform esp

[Router-ipsec-proposal-tran] esp encryption-algorithm des

[Router-ipsec-proposal-tran] esp authentication-algorithm sha1

[Router-ipsec-proposal-tran] quit

# Configure the IPsec policy.

[Router] ipsec policy auto 1 isakmp

[Router-ipsec-policy-isakmp-auto-1] ike-peer same

[Router-ipsec-policy-isakmp-auto-1] proposal tran

[Router-ipsec-policy-isakmp-auto-1] security acl 3000

[Router-ipsec-policy-isakmp-auto-1] quit

# Apply the IPsec policy to the sub-interface of the external network.

[Route] interface GigabitEthernet 0/0

[Router-GigabitEthernet0/0] ipsec policy auto

[Router-GigabitEthernet0/0] quit

# Configure the static route.

[Router] ip route-static 0.0.0.0 0 50.0.0.254

4 3Com (IPsecModule)

# Divide VLANs.

<SW8800> system-view

[SW8800] vlan 10

[3Com-vlan10] quit

[SW8800] vlan 30

[3Com-vlan30] quit

[SW8800] vlan 50

[3Com-vlan50] quit

# Configure the IP address.

[SW8800] interface vlan-interface 10

[3Com-Vlan-interface10] ip address 10.0.0.254 24

[3Com-Vlan-interface10] quit

[SW8800] interface vlan-interface 30