Applying an IKE-Based IPsec Profile to a Tunnel Interface; Configuring SNMP Notifications for IPsec - HP MSR Series Configuration Manual

HPE FlexNetwork MSR Router Series

Step 4. Specify IPsec transform sets.
  Command: transform-set transform-set-name&<1-6>
  Remarks: By default, no IPsec transform set is specified for an IPsec profile. The specified IPsec transform sets must use the tunnel mode.

Step 5. Specify an IKE profile.
  Command: ike-profile profile-name
  Remarks: By default, no IKE profile is specified for an IPsec profile, and the device selects an IKE profile configured in system view for negotiation. If no IKE profile is configured in system view, the globally configured IKE settings are used. You can specify only one IKE profile for an IPsec profile. For more information about IKE profiles, see "Configuring IKE."

Step 6. Set the IPsec SA lifetime.
  Command: sa duration { time-based seconds | traffic-based kilobytes }
  Remarks: By default, the global SA lifetime is used.

Step 7. (Optional.) Set the IPsec SA idle timeout.
  Command: sa idle-time seconds
  Remarks: By default, the global SA idle timeout is used.

Step 8. Set the global SA lifetime.
  Command: ipsec sa global-duration { time-based seconds | traffic-based kilobytes }
  Remarks: By default, the time-based SA lifetime is 3600 seconds, and the traffic-based SA lifetime is 1843200 kilobytes.

Step 9. (Optional.) Enable the global IPsec SA idle timeout feature, and set the global SA idle timeout.
  Command: ipsec sa idle-time seconds
  Remarks: By default, the global IPsec SA idle timeout function is disabled.

Applying an IKE-based IPsec profile to a tunnel interface

After an IKE-based IPsec profile is applied to a tunnel interface, the peers negotiate an IPsec tunnel
through IKE to protect data transmitted through the tunnel interface.
IKE-based IPsec profiles can be applied only to ADVPN tunnel interfaces.
To apply an IKE-based IPsec profile to a tunnel interface:

Step 1. Enter system view.
  Command: system-view
  Remarks: N/A

Step 2. Create an ADVPN tunnel interface and enter tunnel interface view.
  Command: interface tunnel number mode advpn { gre | udp } [ ipv6 ]
  Remarks: By default, no tunnel interface exists on the device.

Step 3. Apply an IKE-based IPsec profile to the tunnel interface.
  Command: tunnel protection ipsec profile profile-name
  Remarks: By default, no IPsec profile is applied to the tunnel interface.

Configuring SNMP notifications for IPsec

After you enable SNMP notifications for IPsec, the IPsec module notifies the NMS of important
module events. The notifications are sent to the device's SNMP module. You can configure the
notification transmission parameters for the SNMP module to specify how the SNMP module
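An added example, not part of the manual: a Python check that reads a saved configuration and reports IKE-based IPsec profiles and ADVPN tunnel interfaces that still rely on the defaults listed in the Remarks of the two procedures above. The sample configuration is constructed, and the "ipsec profile <name> isakmp" header and the "interface TunnelN mode advpn ..." display form are assumptions about how the device prints these settings.

```python
import re

# Constructed sample in "display current-configuration" style, not from a real device.
SAMPLE = """\
ipsec profile prof-a isakmp
 transform-set ts1
 ike-profile ike-a
 sa duration time-based 1800
#
ipsec profile prof-b isakmp
 transform-set ts1 ts2
#
interface Tunnel1 mode advpn gre
 tunnel protection ipsec profile prof-a
#
interface Tunnel2 mode advpn udp
#
"""

def sections(text):
    """Return [(header, body_lines)]; an unindented line opens a section, '#' separates them."""
    out = []
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        if not line.startswith(" "):
            out.append((line.strip(), []))
        elif out:
            out[-1][1].append(line.strip())
    return out

def audit(text):
    """Return (object, finding) pairs for settings left at the defaults the manual lists."""
    secs, findings = sections(text), []
    # Assumed header form for an IKE-based profile: "ipsec profile <name> isakmp".
    profiles = {h.split()[2]: b for h, b in secs if re.fullmatch(r"ipsec profile \S+ isakmp", h)}
    for name, body in profiles.items():
        for kw, msg in (("transform-set", "no transform set specified"),
                        ("ike-profile", "no IKE profile: device selects one implicitly"),
                        ("sa duration", "inherits global SA lifetime")):
            if not any(l.startswith(kw + " ") for l in body):
                findings.append((name, msg))
    for head, body in secs:
        m = re.fullmatch(r"interface (Tunnel\d+) mode advpn (?:gre|udp)(?: ipv6)?", head)
        if m and not any(l.startswith("tunnel protection ipsec profile ") for l in body):
            findings.append((m.group(1), "no IPsec profile applied"))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

A profile flagged for a missing ike-profile line negotiates with whichever IKE profile or global IKE settings the device falls back to, so review those settings as well.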
