HP ProCurve 7102dl Reference Manual page 347

Secure router sros command line interface

SROS Command Line Interface Reference Guide
Global Configuration Mode Command Set
provided with your unit.
Step 1:
Enter the Global configuration mode (i.e., config terminal mode).
ProCurve>enable
ProCurve#configure terminal
Step 2:
Enable VPN support using the ip crypto command. This command allows crypto maps to be applied to
interfaces, and enables the IKE server to listen for IKE negotiation sessions on UDP port 500.
ProCurve(config)#ip crypto
Step 3:
Set the local ID. During IKE negotiation, local-ids are exchanged between the local device and the peer
device. In the SROS, the default setting for all local-ids is configured by the crypto ike local-id command.
The default setting is for all local-ids to be the IPv4 address of the interface over which the IKE negotiation
is occurring. In the future, a unique system-wide Hostname or Fully Qualified Domain Name could be used
for all IKE negotiation.
ProCurve(config)#crypto ike local-id address
Step 4:
Create an IKE policy. To use IKE negotiation, an IKE policy must be created. Within the system, a list
of IKE policies is maintained. Each IKE policy is given a priority number in the system. That priority
number defines the position of that IKE policy within the system list. When IKE negotiation is needed, the
system searches through the list, starting with the policy with a priority of 1, looking for a match to the
peer IP address.
An individual IKE policy can override the system local-id setting by having the local-id command specified
in the IKE policy definition. This command in the IKE policy is used to specify the type of local-id and the
local-id data. The type can be IPv4 address, Fully Qualified Domain Name, or User-Specified Fully
Qualified Domain Name.
An IKE policy may specify one or more peer IP addresses that will be allowed to connect to this system. To
specify multiple unique peer IP addresses, the peer A.B.C.D command is used multiple times within a
single IKE policy. To specify that all possible peers can use a default IKE policy, the peer any command is
given instead of the peer A.B.C.D command inside the IKE policy. The policy with the peer any
command specified will match any peer IP address (and therefore should be given the highest numerical
priority number). This makes the policy the last one to be compared against during IKE negotiation.
ProCurve(config)#crypto ike policy 10
ProCurve(config-ike)#no local-id
ProCurve(config-ike)#peer 172.16.15.129
ProCurve(config-ike)#initiate aggressive
ProCurve(config-ike)#respond anymode
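The lookup order described in Step 4, modelled as an added example (not from the manual, and not the router's own implementation). It assumes the first matching policy in ascending priority number wins and reads policy text in the form of the commands shown above; the sample configuration and the function names are constructed for illustration. It reports which policy a peer would match and which policies can never be reached because a peer any policy sorts ahead of them.

```python
import ipaddress
import re

# Constructed sample config (not from the manual): policy 5 uses "peer any"
# with a lower priority number than policies 10 and 20, so it shadows both.
SAMPLE_CONFIG = """\
crypto ike policy 10
 no local-id
 peer 172.16.15.129
 initiate aggressive
 respond anymode
crypto ike policy 5
 peer any
crypto ike policy 20
 peer 172.16.15.130
 peer 172.16.15.131
"""

def parse_policies(text):
    """Return {priority: [peers]} from 'crypto ike policy N' / 'peer X' lines."""
    policies, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[-1].strip()  # drop a CLI prompt if one is present
        m = re.fullmatch(r"crypto ike policy (\d+)", line)
        if m:
            current = int(m.group(1))
            policies.setdefault(current, [])
        elif current is not None and (m := re.fullmatch(r"peer (\S+)", line)):
            peer = m.group(1)
            if peer != "any":
                peer = str(ipaddress.IPv4Address(peer))  # rejects malformed addresses
            policies[current].append(peer)
    return policies

def match_policy(policies, peer_ip):
    """Walk the list in ascending priority number; the first policy listing the peer wins."""
    peer_ip = str(ipaddress.IPv4Address(peer_ip))
    for prio in sorted(policies):
        if "any" in policies[prio] or peer_ip in policies[prio]:
            return prio
    return None

def shadowed_policies(policies):
    """Priorities that are never selected because an earlier policy has 'peer any'."""
    catch_all = [p for p in sorted(policies) if "any" in policies[p]]
    return [p for p in sorted(policies) if catch_all and p > catch_all[0]]
```

With the sample text, peer 172.16.15.129 resolves to policy 5 rather than policy 10, so the settings in policy 10 are never applied to it; renumbering the peer any policy above every specific policy clears the finding.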
5991-2114
© Copyright 2007 Hewlett-Packard Development Company, L.P.

This manual is also suitable for:

Procurve secure router 7203dl j8753a j8753a
