HP MSR2000 Configuration Manual page 213
Hide thumbs
Also See for MSR2000:
- Configuration manual (455 pages) ,
- Manual (73 pages) ,
- High availability configuration manual (91 pages)
Table of Contents
Advertisement
# Use the ESP protocol for the IPsec transform set.
[DeviceA-ipsec-transform-set-transform1] protocol esp
# Specify the encryption and authentication algorithms.
[DeviceA-ipsec-transform-set-transform1] esp encryption-algorithm 3des-cbc
[DeviceA-ipsec-transform-set-transform1] esp authentication-algorithm md5
[DeviceA-ipsec-transform-set-transform1] quit
# Create an IKE keychain named keychain1.
[DeviceA] ike keychain keychain1
# Specify plaintext 12345zxcvb!@#$%ZXCVB as the pre-shared key to be used with the remote
peer at 2.2.2.2.
[DeviceA-ike-keychain-keychain1] pre-shared-key address 2.2.2.2 255.255.255.0 key
simple 12345zxcvb!@#$%ZXCVB
[DeviceA-ike-keychain-keychain1] quit
# Create an IKE profile named profile1.
[DeviceA] ike profile profile1
# Specify IKE keychain keychain1.
[DeviceA-ike-profile-profile1] keychain keychain1
# Specify that IKE negotiation operates in aggressive mode.
[DeviceA-ike-profile-profile1] exchange-mode aggressive
# Set the local identity to the FQDN name www.devicea.com.
[DeviceA-ike-profile-profile1] local-identity fqdn www.devicea.com
# Configure a peer ID with the identity type as IP address and the value as 2.2.2.2/24.
[DeviceA-ike-profile-profile1] match remote identity address 2.2.2.2 255.255.255.0
[DeviceA-ike-profile-profile1] quit
# Create an IPsec policy named policy1, the sequence number as 1, and the IPsec SA setup mode
as IKE.
[DeviceA] ipsec policy policy1 1 isakmp
# Specify the remote IP address 2.2.2.2 for the IPsec tunnel.
[DeviceA-ipsec-policy-isakmp-policy1-1] remote-address 2.2.2.2
# Reference IPsec transform set transform1 for the IPsec policy.
[DeviceA-ipsec-policy-isakmp-policy1-1] transform-set transform1
# Reference ACL 3000 to identify the traffic to be protected.
[DeviceA-ipsec-policy-isakmp-policy1-1] security acl 3000
# Specify IKE profile profile1 for the IPsec policy.
[DeviceA-ipsec-policy-isakmp-policy1-1] ike-profile profile1
[DeviceA-ipsec-policy-isakmp-policy1-1] quit
# Apply IPsec policy policy1 to interface Ethernet 1/1.
[DeviceA-Ethernet1/1] ipsec apply policy policy1
[DeviceA-Ethernet1/1] quit
# Configure a static route to the subnet where Host B resides.
[DeviceA] ip route-static 10.1.2.0 255.255.255.0 2.2.2.2
2.
Configure Device B:
# Assign an IP address to each interface. (Details not shown.)
# Create IPsec transform set transform1.
<DeviceB> system-view
202
Advertisement
Table of Contents
Troubleshooting
