HP MSR Series Configuration Manual page 370


[DeviceB-ipsec-transform-set-transform1] esp encryption-algorithm 3des-cbc
[DeviceB-ipsec-transform-set-transform1] esp authentication-algorithm md5
[DeviceB-ipsec-transform-set-transform1] quit
# Create IKE keychain keychain1.
[DeviceB] ike keychain keychain1
# Specify plaintext 12345zxcvb!@#$%ZXCVB as the pre-shared key to be used with the
remote peer at 1.1.1.1. The source address of packets from 1.1.1.1 is translated into 3.3.3.1 by
the NAT device, so specify the IP address of the remote peer as 3.3.3.1.
[DeviceB-ike-keychain-keychain1] pre-shared-key address 3.3.3.1 255.255.255.0 key simple 12345zxcvb!@#$%ZXCVB
[DeviceB-ike-keychain-keychain1] quit
# Create an IKE profile named profile1.
[DeviceB] ike profile profile1
# Specify IKE keychain keychain1.
[DeviceB-ike-profile-profile1] keychain keychain1
# Specify that IKE negotiation operates in aggressive mode.
[DeviceB-ike-profile-profile1] exchange-mode aggressive
# Configure a peer ID with the identity type of FQDN name and the value of www.devicea.com.
[DeviceB-ike-profile-profile1] match remote identity fqdn www.devicea.com
[DeviceB-ike-profile-profile1] quit
# Create an IPsec policy template with the name template1 and the sequence number 1.
[DeviceB] ipsec policy-template template1 1
# Specify IPsec transform set transform1 for the IPsec policy template.
[DeviceB-ipsec-policy-template-template1-1] transform-set transform1
# Specify 2.2.2.2 as the local address of the IPsec tunnel.
[DeviceB-ipsec-policy-template-template1-1] local-address 2.2.2.2
# Specify IKE profile profile1 for the IPsec policy.
[DeviceB-ipsec-policy-template-template1-1] ike-profile profile1
[DeviceB-ipsec-policy-template-template1-1] quit
# Create an IKE-based IPsec policy entry with the name policy1 and the sequence number 1
by referencing the IPsec policy template template1.
[DeviceB] ipsec policy policy1 1 isakmp template template1
# Apply IPsec policy policy1 to interface GigabitEthernet 2/0/1.
[DeviceB] interface gigabitethernet 2/0/1
[DeviceB-GigabitEthernet2/0/1] ipsec apply policy policy1
[DeviceB-GigabitEthernet2/0/1] quit
# Configure a static route to the subnet where Host A resides.
[DeviceB] ip route-static 10.1.1.0 255.255.255.0 3.3.3.1
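The Device B steps above select 3des-cbc, md5, aggressive mode and a pre-shared key entered with key simple, which are legacy choices an audit would flag on a new deployment. The following check over a transcript in this page's prompt format is an added example, not part of the HP manual; the rule list is an assumed audit policy, and the sample replaces the pre-shared key with a placeholder.

```python
import re

# Constructed sample: the Device B transcript lines from this page that carry
# the settings being audited (the pre-shared key is replaced by a placeholder).
TRANSCRIPT = """\
[DeviceB-ipsec-transform-set-transform1] esp encryption-algorithm 3des-cbc
[DeviceB-ipsec-transform-set-transform1] esp authentication-algorithm md5
[DeviceB-ike-keychain-keychain1] pre-shared-key address 3.3.3.1 255.255.255.0 key simple <PLACEHOLDER>
[DeviceB-ike-profile-profile1] keychain keychain1
[DeviceB-ike-profile-profile1] exchange-mode aggressive
[DeviceB-ipsec-policy-template-template1-1] transform-set transform1
"""

# (view prefix, command pattern, finding). Assumed audit policy, not vendor rules.
RULES = [
    ("ipsec-transform-set", r"esp encryption-algorithm\s+(des-cbc|3des-cbc)\b",
     "legacy ESP cipher {0}"),
    ("ipsec-transform-set", r"esp authentication-algorithm\s+(md5)\b",
     "legacy ESP integrity algorithm {0}"),
    ("ike-profile", r"exchange-mode\s+(aggressive)\b",
     "IKEv1 {0} mode used with a pre-shared key"),
    ("ike-keychain", r"pre-shared-key\b.*\bkey\s+(simple)\b",
     "pre-shared key typed in plaintext ({0})"),
]

# "[Device-view-name] command"; system-view prompts such as "[DeviceB]" have no view.
PROMPT = re.compile(r"^\[(?P<device>[^\]-]+)(?:-(?P<view>[^\]]+))?\]\s*(?P<cmd>.*)$")

def audit(transcript):
    """Return (device, view, finding) for each command matching a rule."""
    findings = []
    for line in transcript.splitlines():
        m = PROMPT.match(line.strip())
        if not m or not m.group("view"):
            continue  # comments, command output, or system-view commands
        for prefix, pattern, message in RULES:
            hit = re.search(pattern, m.group("cmd"))
            if m.group("view").startswith(prefix) and hit:
                findings.append((m.group("device"), m.group("view"),
                                 message.format(hit.group(1))))
    return findings

if __name__ == "__main__":
    for device, view, finding in audit(TRANSCRIPT):
        print(f"{device} [{view}]: {finding}")
```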
Verifying the configuration
# Initiate a connection from subnet 10.1.1.0/24 to subnet 10.1.2.0/24 to trigger IKE negotiation. After
IPsec SAs are successfully negotiated by IKE, traffic between the two subnets is IPsec protected.
# Display the IKE SA on Device A.
[DeviceA] display ike sa
    Connection-ID   Remote                Flag         DOI
------------------------------------------------------------------
    13              2.2.2.2               RD           IPSEC
Flags:
RD--READY RL--REPLACED FD-FADING
