HP VSR1000 Security Configuration Manual page 220

Virtual services router

# Create an IKE keychain named key1 and specify the plaintext 123 as the pre-shared key to be
used with the remote peer at 2.2.2.2.
[RouterA] ike keychain key1
[RouterA-ike-keychain-key1] pre-shared-key address 2.2.2.2 key simple 123
[RouterA-ike-keychain-key1] quit
# Apply the IPsec policy map1 to interface GigabitEthernet 1/0.
[RouterA] interface gigabitethernet 1/0
[RouterA-GigabitEthernet1/0] ipsec apply policy map1
[RouterA-GigabitEthernet1/0] quit
3. Configure Router B:
# Create an IPsec transform set named tran1, and specify ESP as the security protocol, DES as the
encryption algorithm, and HMAC-SHA-1-96 as the authentication algorithm.
[RouterB] ipsec transform-set tran1
[RouterB-ipsec-transform-set-tran1] encapsulation-mode tunnel
[RouterB-ipsec-transform-set-tran1] protocol esp
[RouterB-ipsec-transform-set-tran1] esp encryption-algorithm des
[RouterB-ipsec-transform-set-tran1] esp authentication-algorithm sha1
[RouterB-ipsec-transform-set-tran1] quit
# Configure ACL 3000 to identify traffic from subnet 5.5.5.0/24 to subnet 4.4.4.0/24.
[RouterB] acl number 3000
[RouterB-acl-adv-3000] rule permit ip source 5.5.5.0 0.0.0.255 destination 4.4.4.0 0.0.0.255
[RouterB-acl-adv-3000] quit
# Create an IKE-based IPsec policy named map1, referencing the transform set tran1 and ACL
3000, and specify the remote IP address for the tunnel as 1.1.1.1.
[RouterB] ipsec policy map1 10 isakmp
[RouterB-ipsec-policy-isakmp-map1-10] transform-set tran1
[RouterB-ipsec-policy-isakmp-map1-10] security acl 3000
[RouterB-ipsec-policy-isakmp-map1-10] remote-address 1.1.1.1
[RouterB-ipsec-policy-isakmp-map1-10] quit
# Create an IKE proposal named 1, and specify 3DES as the encryption algorithm, HMAC-SHA1
as the authentication algorithm, and pre-share as the authentication method.
[RouterB] ike proposal 1
[RouterB-ike-proposal-1] encryption-algorithm 3des-cbc
[RouterB-ike-proposal-1] authentication-algorithm sha
[RouterB-ike-proposal-1] authentication-method pre-share
[RouterB-ike-proposal-1] quit
# Create an IKE keychain named key1 and specify the plaintext 123 as the pre-shared key to be
used with the remote peer at 1.1.1.1.
[RouterB] ike keychain key1
[RouterB-ike-keychain-key1] pre-shared-key address 1.1.1.1 key simple 123
[RouterB-ike-keychain-key1] quit
# Apply the IPsec policy map1 to interface GigabitEthernet 1/0.
[RouterB] interface gigabitethernet 1/0
[RouterB-GigabitEthernet1/0] ipsec apply policy map1
[RouterB-GigabitEthernet1/0] quit
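
An audit pass over the commands above, as an added example that is not part of the HP manual: it reads a CLI transcript in the prompt format shown on this page and flags the DES/3DES ciphers, the HMAC-SHA1 authentication settings, and the plaintext `key simple` pre-shared key. The rule names, the `audit` function and the 20-character `MIN_PSK_LEN` threshold are assumptions made for illustration; the sample input is constructed from the Router B lines.

```python
import re

# Constructed sample: Router B commands copied from this page, prompts included.
SAMPLE = """\
[RouterB-ipsec-transform-set-tran1] esp encryption-algorithm des
[RouterB-ipsec-transform-set-tran1] esp authentication-algorithm sha1
[RouterB-ike-proposal-1] encryption-algorithm 3des-cbc
[RouterB-ike-proposal-1] authentication-algorithm sha
[RouterB-ike-proposal-1] authentication-method pre-share
[RouterB-ike-keychain-key1] pre-shared-key address 1.1.1.1 key simple 123
"""

MIN_PSK_LEN = 20  # assumption: local policy threshold, not a value from the manual

# "[<device>-<view>] <command>" as printed in the manual's examples.
PROMPT = re.compile(r"^\[(\S+?)\]\s*(.+)$")

# Hypothetical rule ids; patterns cover only the keywords that appear on this page.
RULES = [
    ("esp-weak-cipher", re.compile(r"^esp encryption-algorithm (des|3des)\S*$")),
    ("esp-sha1-auth", re.compile(r"^esp authentication-algorithm sha1$")),
    ("ike-weak-cipher", re.compile(r"^encryption-algorithm (des|3des)\S*$")),
    ("ike-sha1-auth", re.compile(r"^authentication-algorithm sha$")),
    ("psk-plaintext", re.compile(r"^pre-shared-key .*\bkey simple (?P<psk>\S+)$")),
]

def audit(transcript):
    """Return (line_no, view, rule_id) findings; the key itself is never echoed."""
    findings = []
    for n, line in enumerate(transcript.splitlines(), 1):
        m = PROMPT.match(line.strip())
        if not m:
            continue  # "# ..." description lines and blanks carry no command
        view, cmd = m.group(1), m.group(2).strip()
        for rule_id, rx in RULES:
            hit = rx.match(cmd)
            if not hit:
                continue
            findings.append((n, view, rule_id))
            psk = hit.groupdict().get("psk")
            if psk is not None and len(psk) < MIN_PSK_LEN:
                findings.append((n, view, "psk-too-short"))
    return findings

if __name__ == "__main__":
    for n, view, rule_id in audit(SAMPLE):
        print(f"line {n} [{view}] {rule_id}")
```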