HP ProCurve Secure Router 7203 dl Advanced Management And Configuration Manual page 477
Secure router
Hide thumbs
Also See for ProCurve Secure Router 7203 dl:
- Configuration manual (1114 pages) ,
- Reference manual (1455 pages) ,
- Product end-of-life disassembly instructions (2 pages)
Table of Contents
Advertisement
3.
Create an IKE policy:
Syntax: crypto ike policy <IKE policynumber>
4.
Configure the initiate mode:
Syntax: [no] initiate [main | aggressive]
For example:
ProCurve(config-crypto-ike)# initiate aggressive
If the peer has a dynamic address, set the mode to no initiate.
5.
Set the peer ID or peer IDs:
Syntax: peer [any | <peer A.B.C.D>]
6.
Create an attribute policy:
Syntax: attribute <attribute policynumber>
7.
Enter settings for the IKE SA, including authentication method, authenti-
cation algorithm, encryption algorithm, Diffie-Hellman group, and IKE SA
lifetime:
Syntax: authentication [dss-sig | pre-share | rsa-sig]
Syntax: hash [md5 | sha]
Syntax: encryption [3des | aes-128-cbc | aes-192-cbc | aes-256-cbc | des]
Syntax: group [1 | 2]
Syntax: lifetime <seconds>
8.
If so desired, repeat steps 7 and 8 to configure multiple attribute policies.
IKE proposes the policy with the lowest number first.
9.
If so desired, repeat steps 4 through 9 to configure multiple IKE policies.
You can use the same policy with more than one peer, but you should
usually use a different policy to connect to a remote site from the policy
used to connect to mobile users. (The router cannot initiate IKE with
mobile users.)
10. Exit to the global configuration mode and configure algorithms for the
IPSec SA in a transform set:
•
AH protocol:
Syntax: crypto ipsec transform-set <setname> [ah-md5-hmac | ah-sha-hmac]
Virtual Private Networks
Quick Start
8-91
Advertisement
Chapters
Table of Contents
Troubleshooting
