Configuring Ipsec Rri - HP MSR2000 Configuration Manual
Hide thumbs
Also See for MSR2000:
- Configuration manual (455 pages) ,
- Manual (73 pages) ,
- High availability configuration manual (91 pages)
Table of Contents
Advertisement
Preference : 100
Checkzero : Enabled
Default Cost : 0
Maximum number of balanced paths : 8
Update time
Suppress time :
Number of periodic updates sent : 186
Number of trigger updates sent : 1
IPsec profile name: profile001
# Use the display ipsec sa command to display the established IPsec SAs.
[RouterA] display ipsec sa
-------------------------------
Global IPsec SA
-------------------------------
-----------------------------
IPsec profile: profile001
Mode: manual
-----------------------------
Encapsulation mode: transport
[Inbound ESP SA]
SPI: 123456 (0x3039)
Transform set: ESP-ENCRYPT-AES-CBC-128 ESP-AUTH-SHA1
No duration limit for this SA
[Outbound ESP SA]
SPI: 123456 (0x3039)
Transform set: ESP-ENCRYPT-AES-CBC-128 ESP-AUTH-SHA1
No duration limit for this SA
Configuring IPsec RRI
Network requirements
Branches access the enterprise center through an IPsec VPN.
Configure IPsec tunnels between Router A and Router B, Router C, and Router D, respectively, to protect
traffic between subnets 4.4.4.0/24 and 5.5.5.0/24.
Configure the tunnels to use the security protocol ESP, the encryption algorithm DES, and the
authentication algorithm SHA1-HMAC-96. Use IKE for IPsec SA negotiation.
Configure IKE proposal to use pre-shared key authentication method, the encryption algorithm 3DES,
and the authentication algorithm HMAC-SHA1 .
Configure IPsec RRI on Router A to automatically create static routes to the branches based on the
established IPsec SAs.
:
30 sec(s)
Timeout time
120 sec(s)
Garbage-Collect time :
174
:
180 sec(s)
120 sec(s)
Advertisement
Table of Contents
Troubleshooting
