HP MSR Series Configuration Manual page 365

# Apply IPsec policy use1 to interface GigabitEthernet 2/0/1.
[DeviceB-GigabitEthernet2/0/1] ipsec apply policy use1
[DeviceB-GigabitEthernet2/0/1] quit
# Configure a static route to the subnet where Host A resides.
[DeviceB] ip route-static 10.1.1.0 255.255.255.0 1.1.1.1
Verifying the configuration
# Initiate a connection from subnet 10.1.1.0/24 to subnet 10.1.2.0/24 to trigger IKE negotiation. After
IPsec SAs are successfully negotiated by IKE, traffic between the two subnets is IPsec protected.
# Display the IKE proposal configuration on Device A and Device B.
[DeviceA] display ike proposal 10
Priority Authentication Authentication Encryption
----------------------------------------------------------------------------
10 RSA-SIG
default PRE-SHARED-KEY
[DeviceB] display ike proposal 10
Priority Authentication Authentication Encryption
----------------------------------------------------------------------------
10 RSA-SIG
default PRE-SHARED-KEY
# Display the IKE SA on Device A.
[DeviceA] display ike sa
Connection-ID
------------------------------------------------------------------
1
Flags:
RD--READY RL--REPLACED FD-FADING
# Display information about the CA certificate on Device A.
[DeviceA] display pki certificate domain domain1 ca
Certificate:
Data:
Version: 1 (0x0)
Serial Number:
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=cn, O=rnd, OU=sec, CN=8088
Validity
Subject: C=cn, O=rnd, OU=sec, CN=8088
Subject Public Key Info:
method algorithm
MD5
SHA1
method algorithm
MD5
SHA1
Remote
2.2.2.2
b9:14:fb:25:c9:08:2c:9d:f6:94:20:30:37:4e:00:00
Not Before: Sep 6 01:53:58 2012 GMT
Not After : Sep 8 01:50:58 2015 GMT
Public Key Algorithm: rsaEncryption
Public-Key: (1024 bit)
Modulus:
00:de:81:f4:42:c6:9f:c2:37:7b:21:84:57:d6:42:
Diffie-Hellman Duration
algorithm group
AES-CBC-128 Group 1
AES-CBC-128 Group 1
Diffie-Hellman Duration
algorithm group
AES-CBC-128 Group 1
AES-CBC-128 Group 1
Flag DOI
RD IPSEC
350
(seconds)
86400
86400
(seconds)
86400
86400