HP ProCurve 7102dl Reference Manual page 346
Secure router sros command line interface
Hide thumbs
Also See for ProCurve 7102dl:
- Configuration manual (1114 pages) ,
- Product end-of-life disassembly instructions (2 pages) ,
- Advanced management and configuration manual (1005 pages)
Table of Contents
Advertisement
SROS Command Line Interface Reference Guide
crypto ike
Use the crypto ike command to define the system-level local ID for IKE negotiations and to enter the IKE
Client or IKE Policy command sets.
Variations of this command include the following:
crypto ike client configuration pool <poolname>
crypto ike local-id address
crypto ike policy <policy priority>
Syntax Description
client configuration
pool <poolname>
local-id address
policy <policy priority> Creates an IKE policy with the <policy priority> of your choice and enters the IKE
Default Values
There are no default settings for this command.
Usage Examples
The following example creates an IKE policy with a policy priority setting of 1 and enters the IKE Policy for
that policy:
ProCurve(config)#crypto ike policy 1
ProCurve(config-ike)#
Technology Review
The following example configures an SROS product for VPN using IKE aggressive mode with pre-shared
keys. The SROS product can be set to initiate IKE negotiation in main mode or aggressive mode. The
product can be set to respond to IKE negotiation in main mode, aggressive mode, or any mode. In this
example, the device is configured to initiate in aggressive mode and to respond to any mode.
This example assumes that the SROS product has been configured with a WAN IP Address of
172.16.45.57 on interface ppp 1 and a LAN IP Address of 10.10.10.254 on interface ethernet 0/1. The
Peer Private IP Subnet is 10.10.20.0.
For more detailed information on VPN configuration, refer to the VPN Configuration Guide located on the
5991-2114
Creates a local pool named the <poolname> of your choice and enters the IKE
Client. Clients that connect via an IKE policy that specifies this pool-name will be
assigned values from this pool. See the section for more information.
Sets the local ID during IKE negotiation to be the IP address of the interface from
which the traffic exits. This setting can be overridden on a per-policy basis using
the local-id command in the IKE Policy (see
user-fqdn] <ipaddress or name>
IKE Policy Command Set
Policy. See
© Copyright 2007 Hewlett-Packard Development Company, L.P.
Global Configuration Mode Command Set
local-id [address | asn1-dn | fqdn |
on page 1267 for more information).
on page 1260 for more information.
344
Advertisement
Chapters
Table of Contents
