Displaying and maintaining IKE
Execute display commands in any view and reset commands in user view.
Task: Display configuration information about all IKE proposals.
Command: display ike proposal

Task: Display information about the current IKE SAs.
Command: display ike sa [ verbose [ connection-id connection-id | remote-address [ ipv6 ] remote-address [ vpn-instance vpn-name ] ] ]

Task: Delete IKE SAs.
Command: reset ike sa [ connection-id connection-id ]

Task: Clear IKE MIB statistics.
Command: reset ike statistics

IKE configuration examples
Main mode IKE with pre-shared key authentication configuration example
Network requirements
As shown in Figure 94, configure an IKE-based IPsec tunnel between Switch A and Switch B to secure the communication in between.
Configure Switch A and Switch B to use the default IKE proposal for the IKE negotiation to set up the IPsec SAs. Configure the two switches to use the pre-shared key authentication method for the IKE negotiation phase 1.
Figure 94 Network diagram
Configuration procedure
1. Configure Switch A:
# Configure an IP address for VLAN-interface 1.
<SwitchA> system-view
[SwitchA] interface vlan-interface 1
[SwitchA-vlan-interface1] ip address 1.1.1.1 255.255.255.0
[SwitchA-vlan-interface1] quit
# Configure ACL 3101 to identify traffic between Switch A and Switch B.
[SwitchA] acl number 3101
[SwitchA-acl-adv-3101] rule 0 permit ip source 1.1.1.1 0 destination 2.2.2.2 0
[SwitchA-acl-adv-3101] quit
# Create an IPsec transform set named tran1.
[SwitchA] ipsec transform-set tran1
# Set the packet encapsulation mode to tunnel.
[SwitchA-ipsec-transform-set-tran1] encapsulation-mode tunnel
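Added example (not part of the original guide): a Python check of which flows the ACL 3101 rule in the Switch A procedure identifies, using wildcard-mask matching where a wildcard of 0 means a single host. The function names and the sample flows are assumptions made for this illustration, and the parser handles only the rule syntax shown in the procedure.

```python
import ipaddress
import re

# Rule line copied from the Switch A procedure (ACL 3101).
RULE = "rule 0 permit ip source 1.1.1.1 0 destination 2.2.2.2 0"

RULE_RE = re.compile(
    r"rule\s+(?P<id>\d+)\s+(?P<action>permit|deny)\s+ip"
    r"\s+source\s+(?P<src>\S+)\s+(?P<src_wc>\S+)"
    r"\s+destination\s+(?P<dst>\S+)\s+(?P<dst_wc>\S+)"
)

def _wildcard(text):
    """Return the wildcard mask as an int; a bare 0 means 'this host only'."""
    return 0 if text == "0" else int(ipaddress.IPv4Address(text))

def parse_rule(line):
    """Parse one 'rule N permit|deny ip source A W destination A W' line."""
    m = RULE_RE.fullmatch(line.strip())
    if m is None:
        raise ValueError(f"unsupported rule syntax: {line!r}")
    return {
        "action": m["action"],
        "src": int(ipaddress.IPv4Address(m["src"])),
        "src_wc": _wildcard(m["src_wc"]),
        "dst": int(ipaddress.IPv4Address(m["dst"])),
        "dst_wc": _wildcard(m["dst_wc"]),
    }

def _matches(addr, base, wildcard):
    # Bits set in the wildcard are "don't care"; all other bits must be equal.
    care = ~wildcard & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (base & care)

def selected_for_ipsec(rule, src, dst):
    """True if a packet src -> dst is identified by a permit rule."""
    return (rule["action"] == "permit"
            and _matches(src, rule["src"], rule["src_wc"])
            and _matches(dst, rule["dst"], rule["dst_wc"]))

if __name__ == "__main__":
    rule = parse_rule(RULE)
    # Constructed sample flows (not from the guide); the last is the reverse direction.
    for src, dst in [("1.1.1.1", "2.2.2.2"), ("1.1.1.1", "2.2.2.3"),
                     ("1.1.1.2", "2.2.2.2"), ("2.2.2.2", "1.1.1.1")]:
        state = "selected" if selected_for_ipsec(rule, src, dst) else "not selected"
        print(f"{src} -> {dst}: {state}")
```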