User login control – H3C Technologies H3C S12500-X Series Switches User Manual

147

[SwitchA] display ipsec sa

-------------------------------

Interface: Vlan-interface 1

-------------------------------

-----------------------------

IPsec policy: map1

Sequence number: 10

Mode: manual

-----------------------------

Tunnel id: 549

Encapsulation mode: tunnel

Path MTU: 1443

Tunnel:

local address: 2.2.2.1

remote address: 2.2.3.1

Flow:

as defined in ACL 3101

[Inbound ESP SA]

SPI: 54321 (0x0000d431)

Transform set: ESP-ENCRYPT-AES-CBC-192 ESP-AUTH-SHA1

No duration limit for this SA

[Outbound ESP SA]

SPI: 12345 (0x00003039)

Transform set: ESP-ENCRYPT-AES-CBC-192 ESP-AUTH-SHA1

No duration limit for this SA

250B

Configuring an IKE-based IPsec tunnel for IPv4 packets

474B

Network requirements

As shown in

857H

Figure 44

, establish an IPsec tunnel between Switch A and Switch B to protect data flows

between the switches. Configure the IPsec tunnel as follows:

•

Specify the encapsulation mode as tunnel, the security protocol as ESP, the encryption algorithm as
AES-CBC-192, and the authentication algorithm as HMAC-SHA1.

•

Set up SAs through IKE negotiation.

Figure 44 Network diagram

475B

Configuration procedure

1.

Configure Switch A:
# Configure an IP address for VLAN-interface 1.

<SwitchA> system-view

[SwitchA] interface vlan-interface 1