301
<SwitchB> system-view
[SwitchB] interface Vlan-interface1
[SwitchB-Vlan-interface1] ip address 2.2.2.2 255.255.255.0
[SwitchB-Vlan-interface1] quit
# Configure ACL 3101 to identify traffic from Switch B to Switch A.
[SwitchB] acl number 3101
[SwitchB-acl-adv-3101] rule 0 permit ip source 2.2.2.2 0 destination 1.1.1.0 0
[SwitchB-acl-adv-3101] rule 1 permit ip source 1.1.1.1 0 destination 2.2.2.2 0
[SwitchB-acl-adv-3101] quit
# Create IPsec proposal tran1.
[SwitchB] ipsec proposal tran1
# Set the packet encapsulation mode to tunnel.
[SwitchB-ipsec-proposal-tran1] encapsulation-mode tunnel
# Use security protocol ESP.
[SwitchB-ipsec-proposal-tran1] transform esp
# Specify encryption and authentication algorithms.
[SwitchB-ipsec-proposal-tran1] esp encryption-algorithm aes 128
[SwitchB-ipsec-proposal-tran1] esp authentication-algorithm sha1
[SwitchB-ipsec-proposal-tran1] quit
# Create an IKE proposal numbered 10.
[SwitchB] ike proposal 10
# Set the authentication algorithm to SHA1.
[SwitchB-ike-proposal-10] authentication-algorithm sha
# Configure the authentication method as pre-shared key.
[SwitchB-ike-proposal-10] authentication-method pre-share
# Set the ISAKMP SA lifetime to 5000 seconds.
[SwitchB-ike-proposal-10] sa duration 5000
[SwitchB-ike-proposal-10] quit
# Create IKE peer peer.
[SwitchB] ike peer peer
# Configure the IKE peer to reference IKE proposal 10.
[SwitchB-ike-peer-peer]proposal 10
# Set the pre-shared key.
[SwitchB-ike-peer-peer] pre-shared-key Ab12<><>
# Specify the IP address of the peer security gateway.
[SwitchB-ike-peer-peer] remote-address 1.1.1.1
[SwitchB-ike-peer-peer] quit
# Create an IPsec policy that uses IKE negotiation.
[SwitchB] ipsec policy use1 10 isakmp
# Reference IPsec proposal tran1.
[SwitchB-ipsec-policy-isakmp-use1-10] proposal tran1
# Reference ACL 3101 to identify the protected traffic.
[SwitchB-ipsec-policy-isakmp-use1-10] security acl 3101
To Next Page
Loading...
Need help?
General