HP A6600 Configuration Manual page 268


NOTE:
• An IPsec policy can reference only one ACL. If you apply multiple ACLs to an IPsec policy, only the last one takes effect.
• A manual IPsec policy can reference only one IPsec proposal. To change an IPsec proposal for an IPsec policy, you must first remove the proposal reference.
• If you configure a key in two modes (string and hexadecimal), only the last configured one is used.
• You cannot change the creation mode of an IPsec policy from manual to through IKE, or vice versa. To create an IPsec policy that uses IKE, delete the manual IPsec policy, and then use IKE to configure an IPsec policy.
Configuring an IPsec policy that uses IKE
To configure an IPsec policy that uses IKE, use one of the following methods:
• Directly configure it by configuring the parameters in IPsec policy view.
• Configure it by referencing an existing IPsec policy template with the parameters to be negotiated configured. A router referencing an IPsec policy that is configured in this way cannot initiate SA negotiation but can respond to a negotiation request. The parameters not defined in the template are determined by the initiator. This approach applies to scenarios where the remote end's information, such as the IP address, is unknown.
Configuration prerequisites
1. Configure the ACLs and the IKE peer for the IPsec policy. For more information, see "Configuring IKE."
The parameters for the local and remote ends must match.
Configuration procedure
2. Directly configure an IPsec policy that uses IKE.
To directly configure an IPsec policy that uses IKE:

| To do... | Command... | Remark |
|---|---|---|
| 1. Enter system view. | system-view | |
| 2. Create an IPsec policy that uses IKE and enter its view. | ipsec policy policy-name seq-number isakmp | Required. By default, no IPsec policy exists. |
| 3. Configure an IPsec connection name. | connection-name name | Optional. By default, no IPsec connection name is configured. |
| 4. Assign an ACL to the IPsec policy. | security acl acl-number [ aggregation ] | Required. By default, an IPsec policy references no ACL. |
| 5. Assign IPsec proposals to the IPsec policy. | proposal proposal-name&<1-6> | Required. By default, an IPsec policy references no IPsec proposal. |
| 6. Specify an IKE peer for the IPsec policy. | ike-peer peer-name | Required. An IPsec policy cannot reference any IKE peer that is already referenced by an IPsec profile, and vice versa. |
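A pre-flight check for a command script built from the procedure above, added here as an example (not HP's code): it flags the cases this page calls out, namely a second security acl line replacing the first, a missing required command, and more than six names on a proposal line. The policy names, ACL numbers and sample script are constructed, and treating quit, # or another ipsec policy line as the end of a policy view is an assumption.

```python
import re

# Constructed sample script; policy names, ACL numbers, proposal and peer names are placeholders.
SAMPLE = """\
system-view
ipsec policy branch 10 isakmp
 security acl 3101
 security acl 3102
 proposal p1 p2 p3 p4 p5 p6 p7
ipsec policy hq 20 isakmp
 connection-name hq-tunnel
 security acl 3200 aggregation
 proposal tran1
 ike-peer hq-peer
"""

POLICY = re.compile(r"^ipsec policy (\S+) (\d+) isakmp$")
REQUIRED = ("security acl", "proposal", "ike-peer")  # marked "Required" in the procedure


def lint(script):
    """Return {(policy_name, seq_number): [findings]} for every IKE-based policy."""
    blocks, current = {}, None
    for raw in script.splitlines():
        line = " ".join(raw.split())  # normalise indentation and spacing
        m = POLICY.match(line)
        if m:
            current = blocks.setdefault((m.group(1), int(m.group(2))), [])
        elif line in ("quit", "#") or line.startswith("ipsec policy "):
            current = None  # assumption: these lines leave the policy view
        elif current is not None and line:
            current.append(line)
    report = {}
    for key, lines in blocks.items():
        findings = [f"missing required '{kw}'" for kw in REQUIRED
                    if not any(l.startswith(kw + " ") for l in lines)]
        acls = [l.split()[2] for l in lines if l.startswith("security acl ")]
        if len(acls) > 1:  # only the last ACL applied to a policy takes effect
            findings.append(f"{len(acls)} ACLs applied; only the last ({acls[-1]}) takes effect")
        for l in lines:
            names = l.split()[1:]
            if l.startswith("proposal ") and len(names) > 6:  # proposal-name&<1-6>
                findings.append(f"proposal lists {len(names)} names; the command accepts 1-6")
        report[key] = findings
    return report


if __name__ == "__main__":
    for key, findings in lint(SAMPLE).items():
        print(key, findings or "ok")
```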
