HP MSR2000 Configuration Manual page 209

# Create an IPsec policy named use1, with the sequence number as 1, referencing the IPsec policy
template template1.
[DeviceB] ipsec policy use1 1 isakmp template template1
# Apply IPsec policy use1 to interface Ethernet 1/1.
[DeviceB-Ethernet1/1] ipsec apply policy use1
[DeviceB-Ethernet1/1] quit
# Configure a static route to the subnet where Host A resides.
[DeviceB] ip route-static 10.1.1.0 255.255.255.0 1.1.1.1
Verifying the configuration
When there is traffic between subnets 10.1.1.0/24 and 10.1.2.0/24, IKE negotiation is triggered.
# Display the IKE proposal configuration on Device A and Device B.
[DeviceA] display ike proposal 10
Priority Authentication Authentication Encryption
----------------------------------------------------------------------------
10
default
[DeviceB] display ike proposal 10
Priority Authentication Authentication Encryption
----------------------------------------------------------------------------
10
default
# Display the IKE SA on Device A.
[DeviceA] display ike sa
Connection-ID
------------------------------------------------------------------
1
Flags:
RD--READY RL--REPLACED FD-FADING
# Display information about the CA certificate on Device A.
[DeviceA] display pki certificate domain domain1 ca
Certificate:
Data:
Version: 1 (0x0)
Serial Number:
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=cn, O=rnd, OU=sec, CN=8088
Validity
Subject: C=cn, O=rnd, OU=sec, CN=8088
Subject Public Key Info:
method algorithm
RSA-SIG
PRE-SHARED-KEY
method algorithm
RSA-SIG
PRE-SHARED-KEY
Remote
2.2.2.2
b9:14:fb:25:c9:08:2c:9d:f6:94:20:30:37:4e:00:00
Not Before: Sep
Not After : Sep
Public Key Algorithm: rsaEncryption
algorithm
MD5 AES-CBC-128
SHA1 AES-CBC-128
algorithm
MD5 AES-CBC-128
SHA1 AES-CBC-128
Flag
RD
6 01:53:58 2012 GMT
8 01:50:58 2015 GMT
198
Diffie-Hellman Duration
group (seconds)
Group 1
Group 1
Diffie-Hellman Duration
group (seconds)
Group 1
Group 1
DOI
IPSEC
5000
86400
5000
86400