Configuring Ipsec Rri - HP VSR1000 Security Configuration Manual

Preference : 100
Checkzero : Enabled
Default Cost : 0
Maximum number of balanced paths : 8
Update time
Suppress time :
Number of periodic updates sent : 186
Number of trigger updates sent : 1
IPsec profile name: profile001
# Use the display ipsec sa command to display the established IPsec SAs.
[RouterA] display ipsec sa
-------------------------------
Global IPsec SA
-------------------------------
-----------------------------
IPsec profile: profile001
Mode: manual
-----------------------------
Encapsulation mode: transport
[Inbound ESP SA]
SPI: 123456 (0x3039)
Transform set: ESP-ENCRYPT-AES-CBC-128 ESP-AUTH-SHA1
No duration limit for this SA
[Outbound ESP SA]
SPI: 123456 (0x3039)
Transform set: ESP-ENCRYPT-AES-CBC-128 ESP-AUTH-SHA1
No duration limit for this SA

Configuring IPsec RRI

Network requirements
As shown in
Perform the following configurations to meet the requirements:
Configure IPsec tunnels between Router A and Router B, Router C, and Router D, respectively, to
•
protect traffic between subnets 4.4.4.0/24 and 5.5.5.0/24.
Configure the tunnels to use the security protocol ESP, the encryption algorithm DES, and the
•
authentication algorithm SHA1-HMAC-96. Use IKE for IPsec SA negotiation.
• Configure IKE proposal to use pre-shared key authentication method, the encryption algorithm
3DES, and the authentication algorithm HMAC-SHA1 .
Configure IPsec RRI on Router A to automatically create static routes to the branches based on the
•
established IPsec SAs.
: 30 sec(s)
120 sec(s)
Figure 59, branches access the enterprise center through an IPsec VPN.
Timeout time
Garbage-Collect time :
208
: 180 sec(s)
120 sec(s)