HP MSR Series Configuration Manual page 381

HPE FlexNetwork MSR Router Series

Step 3. Configure the local and remote identity authentication methods.
   Command: authentication-method { local | remote } { dsa-signature | ecdsa-signature | pre-share | rsa-signature }
   Remarks: By default, no local or remote identity authentication method is configured.

Step 4. Specify a keychain.
   Command: keychain keychain-name
   Remarks: By default, no keychain is specified for an IKEv2 profile. Perform this task when the pre-shared key authentication method is specified.

Step 5. Specify a PKI domain.
   Command: certificate domain domain-name [ sign | verify ]
   Remarks: By default, the device uses PKI domains configured in system view. Perform this task when the digital signature authentication method is specified.

Step 6. Configure the local ID.
   Command: identity local { address { ipv4-address | ipv6 ipv6-address } | dn | email email-string | fqdn fqdn-name | key-id key-id-string }
   Remarks: By default, no local ID is configured, and the device uses the IP address of the interface where the IPsec policy applies as the local ID.

Step 7. Configure peer IDs.
   Command: match remote { certificate policy-name | identity { address { { ipv4-address [ mask | mask-length ] | range low-ipv4-address high-ipv4-address } | ipv6 { ipv6-address [ prefix-length ] | range low-ipv6-address high-ipv6-address } } | fqdn fqdn-name | email email-string | key-id key-id-string } }
   Remarks: By default, no peer ID is configured. You must configure a minimum of one peer ID on each of the two peers.

Step 8. (Optional.) Specify the local interface or IP address to which the IKEv2 profile can be applied.
   Command: match local address { interface-type interface-number | { ipv4-address | ipv6 ipv6-address } }
   Remarks: By default, an IKEv2 profile can be applied to any local interface or IP address.

Step 9. (Optional.) Specify a priority for the IKEv2 profile.
   Command: priority priority
   Remarks: By default, the priority of an IKEv2 profile is 100.

Step 10. (Optional.) Specify a VPN instance for the IKEv2 profile.
   Command: match vrf { name vrf-name | any }
   Remarks: By default, an IKEv2 profile belongs to the public network.

Step 11. (Optional.) Set the IKEv2 SA lifetime for the IKEv2 profile.
   Command: sa duration seconds
   Remarks: By default, the IKEv2 SA lifetime is 86400 seconds.

Step 12. (Optional.) Configure the DPD feature for the IKEv2 profile.
   Command: dpd interval interval [ retry seconds ] { on-demand | periodic }
   Remarks: By default, DPD is disabled for an IKEv2 profile. The global DPD settings in system view are used. If DPD is also disabled in system view, the device does not perform DPD.

Step 13. (Optional.) Specify an inside VPN instance for the IKEv2 profile.
   Command: inside-vrf vrf-name
   Remarks: By default, no inside VPN instance is specified for an IKEv2 profile. The internal and external networks are in the same VPN instance. The device forwards protected data to this VPN instance.
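
As an added example (not part of the HP manual), the Python sketch below audits the command lines of one IKEv2 profile against the dependencies stated in the Remarks above: a keychain when pre-share is used, a PKI domain when a signature method is used, at least one peer ID, and the local ID and DPD defaults. The function name, finding texts and sample profile are constructed for illustration, and the input is assumed to be the commands of a single profile view only.

```python
import re

SIGNATURE_METHODS = {"dsa-signature", "ecdsa-signature", "rsa-signature"}

# Constructed sample: the commands inside one IKEv2 profile view (names are made up).
SAMPLE_PROFILE = """
authentication-method local pre-share
authentication-method remote rsa-signature
identity local fqdn gw-a.example.test
match remote identity fqdn gw-b.example.test
sa duration 86400
"""

def audit_ikev2_profile(body):
    """Return a list of findings for one profile body (hypothetical helper)."""
    lines = [ln.strip() for ln in body.splitlines() if ln.strip()]
    auth = {}  # side ("local"/"remote") -> set of configured methods
    for ln in lines:
        m = re.match(r"authentication-method (local|remote) (\S+)$", ln)
        if m:
            auth.setdefault(m.group(1), set()).add(m.group(2))

    def has(prefix):
        return any(ln.startswith(prefix) for ln in lines)

    findings = []
    for side in ("local", "remote"):
        if side not in auth:
            findings.append(f"no {side} authentication method configured")
    methods = set().union(*auth.values())
    # Step 4: a keychain is needed when pre-shared key authentication is used.
    if "pre-share" in methods and not has("keychain "):
        findings.append("pre-share is used but no keychain is specified")
    # Step 5: without 'certificate domain', system-view PKI domains are used.
    if methods & SIGNATURE_METHODS and not has("certificate domain "):
        findings.append("signature method uses system-view PKI domains")
    # Step 7: each peer needs a minimum of one peer ID.
    if not has("match remote "):
        findings.append("no peer ID configured (minimum of one required)")
    # Step 6: default local ID is the IPsec policy interface's IP address.
    if not has("identity local "):
        findings.append("no local ID: interface IP address is used")
    # Step 12: DPD is disabled per profile by default; global settings apply.
    if not has("dpd interval "):
        findings.append("DPD not set in profile: global DPD settings apply")
    return findings

if __name__ == "__main__":
    for finding in audit_ikev2_profile(SAMPLE_PROFILE):
        print(finding)
```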
