HP ProCurve 7102dl Reference Manual page 348

Secure router sros command line interface

SROS Command Line Interface Reference Guide
Global Configuration Mode Command Set
ProCurve(config-ike)#attribute 10
ProCurve(config-ike-attribute)#encryption 3des
ProCurve(config-ike-attribute)#hash sha
ProCurve(config-ike-attribute)#authentication pre-share
ProCurve(config-ike-attribute)#group 1
ProCurve(config-ike-attribute)#lifetime 86400
Step 5:
Define the remote-id settings. The crypto ike remote-id command is used to define the remote-id for a
peer connecting to the system, specify the preshared-key associated with the specific remote-id, and
(optionally) determine that the peer matching this remote-id should not use mode config (by using the
no-mode-config keyword). See crypto ike remote-id on page 348 for more information.
ProCurve(config)#crypto ike remote-id address 172.16.15.129 preshared-key mysecret123
Step 6:
Define the transform-set. A transform-set defines the encryption and/or authentication algorithms to be
used to secure the data transmitted over the VPN tunnel. Multiple transform-sets may be defined in a
system. Once a transform-set is defined, many different crypto maps within the system can reference it. In
this example, a transform-set named highly_secure has been created. This transform-set defines ESP
with Authentication implemented using 3DES encryption and SHA1 authentication.
ProCurve(config)#crypto ipsec transform-set highly_secure esp-3des esp-sha-hmac
ProCurve(cfg-crypto-trans)#mode tunnel
Step 7:
Define an ip-access list. An Extended Access Control List is used to specify which traffic needs to be sent
securely over the VPN tunnel. The entries in the list are defined with respect to the local system. The
source IP address will be the source of the traffic to be encrypted. The destination IP address will be the
receiver of the data on the other side of the VPN tunnel.
ProCurve(config)#ip access-list extended corporate_traffic
ProCurve(config-ext-nacl)#permit ip 10.10.10.0 0.0.0.255 10.10.20.0 0.0.0.255 log
ProCurve(config-ext-nacl)#deny ip any any
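
Added example, not part of the HP manual: a Python model of how the two Step 7 entries decide which flows are selected for the VPN tunnel. It assumes Cisco-style wildcard masks (a 1 bit means "ignore this bit") and first-match evaluation; the function names and the sample flows are constructed for illustration.

```python
import ipaddress

# ACL entries copied from Step 7 of the page (prompt text removed).
ACL = [
    "permit ip 10.10.10.0 0.0.0.255 10.10.20.0 0.0.0.255 log",
    "deny ip any any",
]

def _to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def _parse_endpoint(tokens):
    """Consume 'any' or '<address> <wildcard>'; return (addr, wildcard) as ints."""
    if tokens[0] == "any":
        tokens.pop(0)
        return 0, 0xFFFFFFFF          # every bit is "don't care"
    addr, wildcard = tokens.pop(0), tokens.pop(0)
    return _to_int(addr), _to_int(wildcard)

def parse_entry(line):
    """Parse 'permit|deny ip <src> <dst> [log]'; trailing keywords are ignored."""
    tokens = line.split()
    action, proto = tokens.pop(0), tokens.pop(0)
    if action not in ("permit", "deny") or proto != "ip":
        raise ValueError(f"unsupported entry: {line!r}")
    src = _parse_endpoint(tokens)
    dst = _parse_endpoint(tokens)
    return action, src, dst

def _matches(ip, endpoint):
    addr, wildcard = endpoint
    care = ~wildcard & 0xFFFFFFFF     # bits that must be equal
    return (_to_int(ip) & care) == (addr & care)

def selected_for_tunnel(src_ip, dst_ip, acl=ACL):
    """First matching entry decides (assumption); no match is treated as deny."""
    for line in acl:
        action, src, dst = parse_entry(line)
        if _matches(src_ip, src) and _matches(dst_ip, dst):
            return action == "permit"
    return False

if __name__ == "__main__":
    # Constructed sample flows, not taken from the manual.
    for s, d in [("10.10.10.25", "10.10.20.7"),   # local LAN -> remote LAN
                 ("10.10.20.7", "10.10.10.25"),   # same flow reversed
                 ("10.10.10.25", "192.0.2.10"),   # local LAN -> elsewhere
                 ("10.10.11.25", "10.10.20.7")]:  # neighbouring subnet
        print(f"{s} -> {d}: {'tunnel' if selected_for_tunnel(s, d) else 'not selected'}")
```

The reversed flow is not selected, which is what "defined with respect to the local system" means in practice: the list describes traffic as it leaves this router, not as it returns.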
Step 8:
Create crypto map. A Crypto Map is used to define a set of encryption schemes to be used for a given
interface. A crypto map entry has a unique index within the crypto map set. The crypto map entry will
specify whether IKE is used to generate encryption keys or if manually specified keys will be used. The
crypto map entry will also specify who will be terminating the VPN tunnel, as well as which transform-set or
sets will be used to encrypt and/or authenticate the traffic on that VPN tunnel. It also specifies the lifetime
of all created IPSec Security Associations.
ProCurve(config)#crypto map corporate_vpn 1 ipsec-ike
ProCurve(config-crypto-map)#match address corporate_traffic
5991-2114
© Copyright 2007 Hewlett-Packard Development Company, L.P.

This manual is also suitable for:

ProCurve Secure Router 7203dl J8753A
