[SwitchA] ipsec proposal tran1
# Set the packet encapsulation mode to tunnel.
[SwitchA-ipsec-proposal-tran1] encapsulation-mode tunnel
# Use security protocol ESP.
[SwitchA-ipsec-proposal-tran1] transform esp
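# Specify the ESP encryption and authentication algorithms. The peer's IPsec proposal must use matching algorithms; SHA-1 is a legacy integrity algorithm, so select a stronger one where both devices support it.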
[SwitchA-ipsec-proposal-tran1] esp encryption-algorithm aes 128
[SwitchA-ipsec-proposal-tran1] esp authentication-algorithm sha1
[SwitchA-ipsec-proposal-tran1] quit
# Create an IKE proposal numbered 10.
[SwitchA] ike proposal 10
# Set the authentication algorithm to SHA1.
[SwitchA-ike-proposal-10] authentication-algorithm sha
# Configure the authentication method as pre-shared key.
[SwitchA-ike-proposal-10] authentication-method pre-share
# Set the ISAKMP SA lifetime to 5000 seconds.
[SwitchA-ike-proposal-10] sa duration 5000
[SwitchA-ike-proposal-10] quit
# Create IKE peer peer.
[SwitchA] ike peer peer
# Configure the IKE peer to reference IKE proposal 10.
[SwitchA-ike-peer-peer] proposal 10
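# Set the pre-shared key. Configure the same key on the peer security gateway; Ab12<><> is a sample value, so use a long, random key in a real deployment.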
[SwitchA-ike-peer-peer] pre-shared-key Ab12<><>
# Specify the IP address of the peer security gateway.
[SwitchA-ike-peer-peer] remote-address 2.2.2.2
[SwitchA-ike-peer-peer] quit
# Create an IPsec policy that uses IKE negotiation.
[SwitchA] ipsec policy map1 10 isakmp
# Reference IPsec proposal tran1.
[SwitchA-ipsec-policy-isakmp-map1-10] proposal tran1
# Reference ACL 3101 to identify the protected traffic.
[SwitchA-ipsec-policy-isakmp-map1-10] security acl 3101
# Reference IKE peer peer.
[SwitchA-ipsec-policy-isakmp-map1-10] ike-peer peer
[SwitchA-ipsec-policy-isakmp-map1-10] quit
# Apply the IPsec policy to VLAN-interface 1.
[SwitchA] interface vlan-interface 1
[SwitchA-Vlan-interface1] ipsec policy map1
3. Configure Switch B:
# Assign an IP address to VLAN-interface 1.
<SwitchB> system-view