Configuring Ipsec Rri - HP MSR Series Configuration Manual

[Inbound ESP SA]
SPI: 123456 (0x3039)
Connection ID: 1
Transform set: ESP-ENCRYPT-AES-CBC-128 ESP-AUTH-SHA1
No duration limit for this SA
[Outbound ESP SA]
SPI: 123456 (0x3039)
Connection ID: 2
Transform set: ESP-ENCRYPT-AES-CBC-128 ESP-AUTH-SHA1
No duration limit for this SA

Configuring IPsec RRI

Network requirements
As shown in
Configure the IPsec VPN as follows:
•
Configure an IPsec tunnel between Router A and each branch gateway (Router B, Router C,
and Router D) to protect traffic between subnets 4.4.4.0/24 and 5.5.5.0/24.
•
Configure the tunnels to use the security protocol ESP, the encryption algorithm DES, and the
authentication algorithm SHA1-HMAC-96. Use IKE for IPsec SA negotiation.
•
Configure IKE proposal to use pre-shared key authentication method, the encryption algorithm
3DES, and the authentication algorithm HMAC-SHA1.
•
Configure IPsec RRI on Router A to automatically create static routes to the branches based on
the established IPsec SAs.
Figure 106 Network diagram
Enterprise Center
Configuration procedure
1. Assign IPv4 addresses to the interfaces on the routers according to
shown.)
2. Configure Router A:
# Create an IPsec transform set named tran1, and specify ESP as the security protocol, DES
as the encryption algorithm, and HMAC-SHA-1-96 as the authentication algorithm.
<RouterA> system-view
[RouterA] ipsec transform-set tran1
[RouterA-ipsec-transform-set-tran1] encapsulation-mode tunnel
Figure 106, branches access the enterprise center through an IPsec VPN.
GE2/0/1
GE2/0/2
1.1.1.1/24
4.4.4.1/24
Router A
Host A
GE2/0/1
2.2.2.2/24
RouterB
Internet
Router C
Router D
327
Branch
GE2/0/2
5.5.5.1/24
Host B
Branch
Branch
Figure 106. (Details not