Enabling the FIPS mode ······································································································································ 336
Triggering a self-test ············································································································································ 337
Displaying and maintaining FIPS ······························································································································· 337
FIPS configuration example········································································································································· 337
Network requirements ········································································································································· 337
Configuration procedure ···································································································································· 337
Verifying the configuration ································································································································· 338
Configuring IPsec ···················································································································································· 340
Overview ······································································································································································· 340
Basic concepts ····················································································································································· 340
Protocols and standards ····································································································································· 343
Configuring IPsec ························································································································································· 343
Implementing ACL-based IPsec ··································································································································· 343
Feature Restrictions ·············································································································································· 343
Configuring ACLs ················································································································································ 344
Configuring an IPsec proposal ·························································································································· 345
Configuring an IPsec policy ······························································································································· 346
Displaying and maintaining IPsec ······························································································································ 352
IPsec configuration examples······································································································································ 352
Configuring IKE ······················································································································································· 355
Overview ······································································································································································· 355
IKE security mechanism ······································································································································· 355
IKE operation ······················································································································································· 355
IKE functions ························································································································································· 356
Protocols and standards ····································································································································· 357
IKE configuration task list ············································································································································ 357
Configuring an IKE proposal ······································································································································ 358
Configuring an IKE peer ·············································································································································· 359
Setting keepalive timers ··············································································································································· 361
Setting the NAT keepalive timer ································································································································· 361
Configuring a DPD detector ········································································································································ 362
Displaying and maintaining IKE ································································································································· 363
IKE configuration example ·········································································································································· 363
Troubleshooting IKE ····················································································································································· 366
Invalid user ID ······················································································································································ 366
Proposal mismatch ·············································································································································· 366
ACL configuration error ······································································································································ 367
Support and other resources ·································································································································· 368
Contacting HP ······························································································································································ 368
Subscription service ············································································································································ 368
Related information ······················································································································································ 368
Documents ···························································································································································· 368
ix