HP MSR2000 Configuration Manual page 214

[DeviceB] ipsec transform-set transform1
# Use the ESP protocol for the IPsec transform set.
[DeviceB-ipsec-transform-set-transform1] protocol esp
# Specify the encryption and authentication algorithms.
[DeviceB-ipsec-transform-set-transform1] esp encryption-algorithm 3des-cbc
[DeviceB-ipsec-transform-set-transform1] esp authentication-algorithm md5
[DeviceB-ipsec-transform-set-transform1] quit
# Create IKE keychain keychain1.
[DeviceB] ike keychain keychain1
# Specify plaintext 12345zxcvb!@#$%ZXCVB as the pre-shared key to be used with the remote peer at 1.1.1.1.
[DeviceB-ike-keychain-keychain1] pre-shared-key address 1.1.1.1 255.255.255.0 key simple 12345zxcvb!@#$%ZXCVB
[DeviceB-ike-keychain-keychain1] quit
# Create an IKE profile named profile1.
[DeviceB] ike profile profile1
# Reference IKE keychain keychain1.
[DeviceB-ike-profile-profile1] keychain keychain1
# Specify that IKE negotiation operates in aggressive mode.
[DeviceB-ike-profile-profile1] exchange-mode aggressive
# Configure a peer ID with the identity type of FQDN name and the value of www.devicea.com.
[DeviceB-ike-profile-profile1] match remote identity fqdn www.devicea.com
[DeviceB-ike-profile-profile1] quit
# Create an IPsec policy template named template1, with the sequence number as 1.
[DeviceB] ipsec policy-template template1 1
# Reference IPsec transform set transform1 for the IPsec policy.
[DeviceB-ipsec-policy-template-template1-1] transform-set transform1
# Specify 2.2.2.2 as the local address of the IPsec tunnel.
[DeviceB-ipsec-policy-template-template1-1] local-address 2.2.2.2
# Specify IKE profile profile1 for the IPsec policy.
[DeviceB-ipsec-policy-template-template1-1] ike-profile profile1
[DeviceB-ipsec-policy-template-template1-1] quit
# Create an IPsec policy named policy1, with the sequence number as 1, referencing the IPsec policy template template1.
[DeviceB] ipsec policy policy1 1 isakmp template template1
# Apply IPsec policy policy1 to interface Ethernet 1/1.
[DeviceB] interface ethernet 1/1
[DeviceB-Ethernet1/1] ipsec apply policy policy1
[DeviceB-Ethernet1/1] quit
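An added example, not part of the HP manual: a small Python check that reads Comware-style lines like the Device B commands above and reports the settings a security review would question (3des-cbc, md5, aggressive mode with a pre-shared key, a key entered with the simple keyword, and a keychain entry whose mask covers more than one host). The rule names, the audit function and the sample text are constructed for this example; the des-cbc and cipher keywords are not on this page and are assumed from Comware's command syntax.

```python
import re

# Constructed input: Device B commands copied from this page, prompts kept.
SAMPLE = """\
[DeviceB-ipsec-transform-set-transform1] esp encryption-algorithm 3des-cbc
[DeviceB-ipsec-transform-set-transform1] esp authentication-algorithm md5
# Create IKE keychain keychain1.
[DeviceB] ike keychain keychain1
[DeviceB-ike-keychain-keychain1] pre-shared-key address 1.1.1.1 255.255.255.0 key simple 12345zxcvb!@#$%ZXCVB
[DeviceB-ike-profile-profile1] exchange-mode aggressive
[DeviceB-ike-profile-profile1] match remote identity fqdn www.devicea.com
"""

# (rule id, pattern, reason); rule ids are names made up for this example.
RULES = [
    ("weak-esp-cipher", r"^esp encryption-algorithm 3?des-cbc\b",
     "DES/3DES use a 64-bit block and are deprecated for IPsec"),
    ("weak-esp-auth", r"^esp authentication-algorithm md5\b",
     "HMAC-MD5 is deprecated for IPsec integrity"),
    ("aggressive-psk", r"^exchange-mode aggressive\b",
     "aggressive mode leaves a pre-shared key open to offline guessing"),
    ("plaintext-psk", r"^pre-shared-key .*\bkey simple \S",
     "pre-shared key entered in plaintext form"),
    ("wide-psk-scope",
     r"^pre-shared-key address \S+ (?!255\.255\.255\.255 )(\d+\.){3}\d+ key\b",
     "address mask is wider than a single host"),
]
PROMPT = re.compile(r"^\[[^\]]*\]\s*")            # "[DeviceB-...]" view prompt
SECRET = re.compile(r"(\bkey (?:simple|cipher) )\S+")

def audit(config):
    """Return (line_no, rule_id, reason, redacted_command) per weak setting."""
    findings = []
    for line_no, raw in enumerate(config.splitlines(), 1):
        cmd = PROMPT.sub("", raw.strip())
        if not cmd or cmd.startswith("#"):
            continue  # blank line or manual comment
        shown = SECRET.sub(r"\1<redacted>", cmd)  # never echo the key itself
        for rule_id, pattern, reason in RULES:
            if re.search(pattern, cmd):
                findings.append((line_no, rule_id, reason, shown))
    return findings

if __name__ == "__main__":
    for line_no, rule_id, reason, shown in audit(SAMPLE):
        print(f"line {line_no}: {rule_id}: {reason}\n    {shown}")
```

The mask check only handles the dotted-mask form shown on this page, not a mask length.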
Verifying the configuration
When there is traffic from the subnet 10.1.1.0/24 to 10.1.2.0/24 to send, IKE negotiation is triggered,
# Display the IKE SA on Device A.
[DeviceA] display ike sa
Connection-ID   Remote                Flag         DOI
------------------------------------------------------------------
203

This manual is also suitable for: MSR3000, MSR4000