Protocols and Standards; FIPS Compliance; Security Strength; IPsec Tunnel Establishment - HP MSR Series Configuration Manual

HPE FlexNetwork MSR Router Series

You can advertise the static routes created by IPsec RRI in the internal network, and the internal
network device can use them to forward traffic in the IPsec VPN.
In an MPLS L3VPN network, IPsec RRI can add static routes to VPN instances' routing tables.
IPsec RRI is applicable to gateways that must provide many IPsec tunnels (for example, a
headquarters gateway).

Protocols and standards

RFC 2401, Security Architecture for the Internet Protocol
RFC 2402, IP Authentication Header
RFC 2406, IP Encapsulating Security Payload
RFC 4552, Authentication/Confidentiality for OSPFv3

FIPS compliance

The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for
features, commands, and parameters might differ in FIPS mode (see "Configuring FIPS") and
non-FIPS mode.

Security strength

By default, the device provides low encryption. To obtain high encryption, you must install the Strong
Cryptography feature license. This feature provides stronger cryptography, additional IPsec tunnels,
and higher encryption performance. For more information about obtaining the Strong Cryptography
feature license, see the release notes or contact your Hewlett Packard Enterprise sales
representative.
Support for features, commands, and parameters depends on the cryptography capability.

IPsec tunnel establishment

CAUTION:
Typically, IKE uses UDP port 500 for communication, and AH and ESP use the protocol numbers 51
and 50, respectively. Make sure traffic of these protocols is not denied on the interfaces with IKE or
IPsec configured.
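
One way to check the caution above before enabling IKE or IPsec on an interface, as an added example that is not part of the HPE manual: a first-match evaluation of a packet filter that reports which of IKE (UDP 500), ESP (protocol 50), and AH (protocol 51) it would drop. The Rule model, the sample filters, and the default action are assumptions made for illustration, not device syntax.

```python
# Added example: vendor-neutral, first-match audit of an interface packet filter.
from dataclasses import dataclass
from typing import Optional

# Traffic named in the caution: (label, IP protocol number, UDP destination port)
REQUIRED = [("IKE", 17, 500), ("ESP", 50, None), ("AH", 51, None)]

@dataclass
class Rule:
    action: str                   # "permit" or "deny"
    proto: Optional[int] = None   # IP protocol number; None matches any protocol
    dport: Optional[int] = None   # destination port; None matches any port

    def matches(self, proto, dport):
        if self.proto is not None and self.proto != proto:
            return False
        if self.dport is not None and self.dport != dport:
            return False
        return True

def verdict(rules, proto, dport, default="deny"):
    """Action of the first matching rule, else the filter's default action."""
    for rule in rules:
        if rule.matches(proto, dport):
            return rule.action
    return default  # assumption: set this to match the platform's default

def blocked_ipsec_traffic(rules, default="deny"):
    """Labels of the IKE/ESP/AH traffic classes the filter would drop."""
    return [name for name, proto, dport in REQUIRED
            if verdict(rules, proto, dport, default) != "permit"]

# Constructed sample filters (not taken from any device).
WEAK = [Rule("permit", 17, 500), Rule("deny", 50), Rule("permit")]
FIXED = [Rule("permit", 17, 500), Rule("permit", 50),
         Rule("permit", 51), Rule("deny")]

if __name__ == "__main__":
    print("weak filter drops:", blocked_ipsec_traffic(WEAK))
    print("fixed filter drops:", blocked_ipsec_traffic(FIXED))
```
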
IPsec tunnels can be established by different methods. Choose the appropriate method to establish
IPsec tunnels according to your network conditions:
ACL-based IPsec tunnel—Protects packets identified by an ACL. To establish an ACL-based
IPsec tunnel, configure an IPsec policy, specify an ACL in the policy, and apply the policy to an
interface (see "Implementing ACL-based IPsec"). The IPsec tunnel establishment steps are the
same in an IPv4 network and in an IPv6 network.
Application-based IPsec tunnel—Protects the packets of an application. This method can be
used to protect IPv6 routing protocols and ADVPN tunnels. It does not require an ACL. For
information about IPv6 routing protocol protection, see "Configuring IPsec for IPv6 routing
protocols." For information about ADVPN tunnel protection, see "Configuring IPsec for
tunnels."
