HP MSR Series Configuration Manual page 343

HPE FlexNetwork MSR Router Series

[RouterA-ipsec-transform-set-tran1] protocol esp
[RouterA-ipsec-transform-set-tran1] esp encryption-algorithm des
[RouterA-ipsec-transform-set-tran1] esp authentication-algorithm sha1
[RouterA-ipsec-transform-set-tran1] quit
# Create an IPsec policy template named temp1, referencing the transform set tran1.
[RouterA] ipsec policy-template temp1 1
[RouterA-ipsec-policy-template-temp1-1] transform-set tran1
# Enable IPsec RRI, set the preference to 100 and the tag to 1000 for the static routes created
by IPsec RRI.
[RouterA-ipsec-policy-template-temp1-1] reverse-route dynamic
[RouterA-ipsec-policy-template-temp1-1] reverse-route preference 100
[RouterA-ipsec-policy-template-temp1-1] reverse-route tag 1000
[RouterA-ipsec-policy-template-temp1-1] quit
# Create an IKE-based IPsec policy entry with the name map1 and the sequence number 10 by
referencing IPsec policy template temp1.
[RouterA] ipsec policy map1 10 isakmp template temp1
# Create an IKE proposal named 1, and specify 3DES as the encryption algorithm,
HMAC-SHA1 as the authentication algorithm, and pre-share as the authentication method.
[RouterA] ike proposal 1
[RouterA-ike-proposal-1] encryption-algorithm 3des-cbc
[RouterA-ike-proposal-1] authentication-algorithm sha
[RouterA-ike-proposal-1] authentication-method pre-share
[RouterA-ike-proposal-1] quit
# Create an IKE keychain named key1 and specify the plaintext 123 as the pre-shared key to
be used with the remote peer at 2.2.2.2.
[RouterA] ike keychain key1
[RouterA-ike-keychain-key1] pre-shared-key address 2.2.2.2 key simple 123
[RouterA-ike-keychain-key1] quit
# Apply the IPsec policy map1 to interface GigabitEthernet 2/0/1.
[RouterA] interface gigabitethernet 2/0/1
[RouterA-GigabitEthernet2/0/1] ipsec apply policy map1
[RouterA-GigabitEthernet2/0/1] quit
3. Configure Router B:
# Create an IPsec transform set named tran1, and specify ESP as the security protocol, DES
as the encryption algorithm, and HMAC-SHA-1-96 as the authentication algorithm.
[RouterB] ipsec transform-set tran1
[RouterB-ipsec-transform-set-tran1] encapsulation-mode tunnel
[RouterB-ipsec-transform-set-tran1] protocol esp
[RouterB-ipsec-transform-set-tran1] esp encryption-algorithm des
[RouterB-ipsec-transform-set-tran1] esp authentication-algorithm sha1
[RouterB-ipsec-transform-set-tran1] quit
# Configure ACL 3000 to identify traffic from subnet 5.5.5.0/24 to subnet 4.4.4.0/24.
[RouterB] acl advanced 3000
[RouterB-acl-ipv4-adv-3000] rule permit ip source 5.5.5.0 0.0.0.255 destination 4.4.4.0 0.0.0.255
[RouterB-acl-ipv4-adv-3000] quit
# Create an IKE-based IPsec policy entry with the name map1 and the sequence number 10.
Specify the transform set tran1 and ACL 3000, and specify the remote IP address for the tunnel
as 1.1.1.1.
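
An added example, not part of the HPE manual: a small Python audit that parses the bracketed-prompt listing shown on this page and flags the settings a configuration review would question (DES/3DES, MD5/SHA-1, and a pre-shared key entered in plaintext form). The rule set and the names parse, audit and SAMPLE are this example's own assumptions, as is a hostname that contains no hyphen.

```python
import re

# Prompt format "[host-view] command"; assumes the hostname contains no hyphen.
PROMPT = re.compile(r"^\[([^\]-]+)(?:-([^\]]+))?\]\s*(.*)$")
# (view prefix, command pattern, finding); the rule set is this example's own policy.
RULES = [
    ("ipsec-transform-set", r"^esp encryption-algorithm (3?des\S*)", "legacy ESP cipher: {}"),
    ("ipsec-transform-set", r"^esp authentication-algorithm (md5|sha1)$", "legacy ESP integrity hash: {}"),
    ("ike-proposal", r"^encryption-algorithm (3?des\S*)", "legacy IKE cipher: {}"),
    ("ike-proposal", r"^authentication-algorithm (md5|sha)$", "legacy IKE hash: {}"),
    ("ike-keychain", r"^pre-shared-key .*\bkey simple (\S+)", "pre-shared key entered in plaintext form: {}"),
]
# Constructed sample: lines taken from this page, wrapped the way the manual prints them.
SAMPLE = """\
[RouterA-ipsec-transform-set-tran1] esp encryption-algorithm des
[RouterA-ipsec-transform-set-tran1] esp authentication-algorithm sha1
# Create an IKE proposal named 1, and specify 3DES as the encryption algorithm,
HMAC-SHA1 as the authentication algorithm, and pre-share as the authentication method.
[RouterA-ike-proposal-1] encryption-algorithm 3des-cbc
[RouterA-ike-proposal-1] authentication-algorithm sha
[RouterA-ike-keychain-key1] pre-shared-key address 2.2.2.2 key simple 123
[RouterB-acl-ipv4-adv-3000] rule permit ip source 5.5.5.0 0.0.0.255 destination
4.4.4.0 0.0.0.255
"""

def parse(text):
    """Return (host, view, command) tuples, rejoining wrapped command lines."""
    entries, in_command = [], False
    for line in map(str.strip, text.splitlines()):
        m = PROMPT.match(line)
        if m:
            entries.append([m.group(1), m.group(2) or "", m.group(3)])
            in_command = True
        elif not line or line.startswith("#"):
            in_command = False  # a comment: its wrapped tail is skipped as well
        elif in_command:
            entries[-1][2] += " " + line  # continuation of a wrapped command
    return [tuple(e) for e in entries]

def audit(text):
    """Return (host, finding) pairs; a key is reported by length, never echoed."""
    findings = []
    for host, view, cmd in parse(text):
        for prefix, pattern, message in RULES:
            m = re.search(pattern, cmd) if view.startswith(prefix) else None
            if m:
                detail = f"{len(m.group(1))} chars" if prefix == "ike-keychain" else m.group(1)
                findings.append((host, message.format(detail)))
    return findings
```

Calling audit(SAMPLE) returns five findings, all for RouterA; the wrapped ACL rule is rejoined into one command and produces none.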