3Com Switch 8800 Family IPsec Module Configuration and Command reference Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve 8116fl Redundant Switch Fabric Module

181

182

183

184

185

186

187

188

189

190

Typical Configuration of IKE 181

If no connection-id is specified, all the SAs at stage 1 will be removed.

Security channel and SA are totally different concepts. Security channel is a

channel via which its two endpoints can make bidirectional communications but

IPsec SA is just a unidirectional connection. In other words, security channel

comprises a pair or several pairs of SAs.

Typical Configuration

of IKE

Typical IK E

Configuration Example

Networking requirement

■ Hosts 1 and 2 communicate securely, and a security channel is established with

IKE automatic negotiation between security GWs A and B.

■ Configure an IKE proposal assigned with the priority level 10 on the security

GW A and apply the default IKE proposal on the security GW B.

■ Configure authentication key for the proposal using the pre-shared key

authentication method.

Networking diagram

Figure 40 Networking diagram of IKE configuration example

Configuration procedure

1 Make the following configurations on the security GW A:

# Configure an IKE peer.

[SW8800] ike peer peer

[3Com-ike-peer-peer] pre-shared-key abcde

[3Com-ike-peer-peer] remote-address 171.69.224.33

# Configure an IKE proposal 10.

[SW8800] ike proposal 10

# Set the authentication algorithm used by the IKE proposal to MD5.

[3Com-ike-proposal-10] authentication-algorithm md5

EthernetEthernet

Host 1

(WKHUQHW 2/0/1

202.38.160.1

Host 2

Internet

4XLGZD\$ 4XLGZD\%

Ethernet 2/0/1

171.69.224.33

 