HP 5920 Series Configuration Manual page 279


# On the responder:
[Sysname] display acl 3000
Advanced ACL  3000, named -none-, 2 rules,
ACL's step is 5
rule 0 permit ip source 192.168.222.71 0 destination 192.168.222.5 0
3. Verify that the IPsec policy has a remote address and an IPsec transform set configured and that the IPsec transform set has all necessary settings configured.
If, for example, the IPsec policy has no remote address configured, the IPsec SA negotiation will fail:
[Sysname] display ipsec policy
-------------------------------------------
IPsec Policy: policy1
Interface: Vlan-interface1
-------------------------------------------
-----------------------------
Sequence number: 1
Mode: isakmp
-----------------------------
Description:
Security data flow: 3000
Selector mode: aggregation
Local address: 192.168.222.5
Remote address:
Transform set: transform1
IKE profile: profile1
SA duration(time based):
SA duration(traffic based):
SA idle time:
Solution
1. If no matching IKE profiles were found and the IPsec policy is referencing an IKE profile, remove the reference.
2. If the flow range defined by the responder's ACL is smaller than that defined by the initiator's ACL, modify the responder's ACL so the ACL defines a flow range equal to or greater than that of the initiator's ACL.
For example:
[Sysname] display acl 3000
Advanced ACL  3000, named -none-, 2 rules,
ACL's step is 5
rule 0 permit ip source 192.168.222.0 0.0.0.255 destination 192.168.222.0 0.0.0.255
3. Configure the missing settings (for example, the remote address).
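The flow-range comparison in solution step 2 can be checked offline from captured display acl output. The following Python code is an added example, not part of the HP manual: the function names and the initiator rule are constructed for illustration, and it assumes both rules are written in the same source/destination orientation and use only the "permit ip source ... destination ..." form shown above.

```python
import ipaddress
import re

# Rule lines from the page's "display acl 3000" output on the responder.
RESPONDER_BEFORE = "rule 0 permit ip source 192.168.222.71 0 destination 192.168.222.5 0"
RESPONDER_AFTER = ("rule 0 permit ip source 192.168.222.0 0.0.0.255 "
                   "destination 192.168.222.0 0.0.0.255")
# Constructed initiator rule (assumption; the initiator's ACL is not shown here).
INITIATOR = "rule 5 permit ip source 192.168.222.64 0.0.0.63 destination 192.168.222.5 0"

RULE_RE = re.compile(
    r"rule\s+\d+\s+permit\s+ip\s+"
    r"source\s+(?P<src>\S+)\s+(?P<src_wc>\S+)\s+"
    r"destination\s+(?P<dst>\S+)\s+(?P<dst_wc>\S+)"
)

def _to_int(text):
    """Address or wildcard to a 32-bit int; a wildcard of "0" is an exact host match."""
    return 0 if text == "0" else int(ipaddress.IPv4Address(text))

def parse_rule(line):
    """Return ((src, src_wildcard), (dst, dst_wildcard)) as integers."""
    m = RULE_RE.search(line)
    if m is None:
        raise ValueError(f"unsupported rule format: {line!r}")
    return ((_to_int(m["src"]), _to_int(m["src_wc"])),
            (_to_int(m["dst"]), _to_int(m["dst_wc"])))

def field_covers(outer, inner):
    """True if every address matched by inner is also matched by outer."""
    (o_addr, o_wc), (i_addr, i_wc) = outer, inner
    fixed = ~o_wc & 0xFFFFFFFF          # bits the outer rule pins down
    if i_wc & fixed:                    # inner leaves free a bit that outer fixes
        return False
    return (o_addr ^ i_addr) & fixed == 0   # both agree on every fixed bit

def responder_covers(responder_line, initiator_line):
    """True if the responder's flow range is equal to or greater than the initiator's."""
    r_src, r_dst = parse_rule(responder_line)
    i_src, i_dst = parse_rule(initiator_line)
    return field_covers(r_src, i_src) and field_covers(r_dst, i_dst)

if __name__ == "__main__":
    for name, rule in (("before", RESPONDER_BEFORE), ("after", RESPONDER_AFTER)):
        verdict = "covers" if responder_covers(rule, INITIATOR) else "is narrower than"
        print(f"responder ACL {name} the fix {verdict} the initiator's flow")
```

With the constructed initiator rule, the host-to-host responder rule is reported as narrower, and the widened 0.0.0.255 rule from the solution is reported as covering it.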

This manual is also suitable for:

5900 series