Group Domain VPN Configuration Example; Network Requirements - HPE FlexNetwork MSR Series Comware 5 Security Configuration Manual


Task: Display ACL information for the GM.
Command: display gdoi gm acl [ download | local ] [ group group-name ] [ | { begin | exclude | include } regular-expression ]

Task: Display rekey information for the GM.
Command: display gdoi gm rekey [ verbose ] [ group group-name ] [ | { begin | exclude | include } regular-expression ]

Task: Display information about the public keys received by the GM.
Command: display gdoi gm pubkey [ group group-name ] [ | { begin | exclude | include } regular-expression ]

Task: Display IKE SA information.
Command: display ike sa [ active | standby | verbose [ connection-id connection-id | remote-address [ ipv6 ] remote-address ] ] [ | { begin | exclude | include } regular-expression ]

Task: Display IPsec SA information.
Command: display ipsec sa [ active | brief | duration | policy policy-name [ seq-number ] | remote [ ipv6 ] ip-address | standby ] [ | { begin | exclude | include } regular-expression ]

Task: Display GDOI IPsec policy information.
Command: display ipsec policy [ brief | name policy-name [ seq-number ] ] [ | { begin | exclude | include } regular-expression ]

Task: Clear GDOI information for the GM and initiate registration.
Command: reset gdoi gm [ group group-name ]

For more information about the display ike sa, display ipsec sa, and display ipsec policy commands, see HPE FlexNetwork MSR Router Series Comware 5 Security Command Reference.

Group domain VPN configuration example

Network requirements

As shown in Figure 155, set up a group domain VPN on the network to protect traffic between subnets, as follows:
- Add GM 1, GM 2, and GM 3 to GDOI group 12345, and configure them to register with the KS that manages the group.
- Use the IPsec security protocol ESP, encryption algorithm AES-CBC 128, and authentication algorithm SHA1 to protect the data.
- Configure IPsec to protect traffic from subnet 10.1.1.0 to subnet 10.1.2.0, and traffic from subnet 10.1.1.0 to subnet 10.1.3.0.
- Use pre-shared key authentication for IKE negotiation between the KS and the GMs.
- Configure the KS to multicast rekey messages to the GMs.
- Configure KS 1 and KS 2 to back up each other. KS 1 and KS 2 use pre-shared key authentication for IKE negotiation.
