Ipsec configuration example, Network requirements, Configuring ac 1 – H3C Technologies H3C WX3000E Series Wireless Switches User Manual
Page 885
864
Figure 919 Packet statistics
IPsec configuration example
Network requirements
As shown in
, an enterprise branch accesses the headquarters through IPsec VPN. Configure
the IPsec VPN as follows:
•
Configure an IPsec tunnel between AC 1 and AC 1 to protect traffic between the headquarters
subnet 10.1.1.0/24 and the branch subnet 10.1.2.0/24.
•
Configure the tunnel to use the security protocol ESP, encryption algorithm DES, and authentication
algorithm SHA-1.
•
Enable IPsec RRI on AC 1, so AC 1 can automatically create a static route from the headquarters to
the branch when the IPsec SA is established. Specify the next hop as 2.2.2.2.
Figure 920 Network diagram
Configuring AC 1
1.
Configure IP addresses for the interfaces, and assign the interfaces to target zones. (Details not
shown.)
2.
Define ACL 3101 to permit packets from subnet 10.1.1.0/24 to subnet 10.1.2.0/24:
Headquarter
Branch
Internet
Device A
Device B
GE0/1
2.2.2.1/24
GE0/1
2.2.3.1/24
GEth0/0
10.1.1.1/24
GE0/0
10.1.2.1/24
Host A
10.1.1.2/24
Host B
10.1.2.2/24