Displaying And Maintaining Ike; Ike Configuration Examples; Main Mode Ike With Pre-Shared Key Authentication Configuration Example - HP VSR1000 Security Configuration Manual

parameters for the SNMP module to specify how the SNMP module displays notifications. For more
information about SNMP notifications, see Network Management and Monitoring Configuration Guide.
To generate and output SNMP notifications for IKE for a specific failure or event type, enable SNMP
notifications for IKE globally and for the specified type of failures or events.
To configure SNMP notifications for IKE:
Step
1. Enter system view
2. Enable SNMP
notifications for IKE
globally.
3. Enable SNMP
notifications for the
specified failure or
event type.

Displaying and maintaining IKE

Execute display commands in any view and reset commands in user view.
Task
Display configuration information about all IKE
proposals.
Display information about the current IKE SAs.
Delete IKE SAs.
Clear IKE MIB statistics.

IKE configuration examples

Main mode IKE with pre-shared key authentication
configuration example
Network requirements
As shown in
B to secure the communication between subnet 10.1.1.0/24 and subnet 10.1.2.0/24.
Command
system-view
snmp-agent trap enable ike global
snmp-agent trap enable ike [ attr-not-support
| auth-failure | cert-type-unsupport |
cert-unavailable | decrypt-failure |
encrypt-failure | invalid-cert-auth |
invalid-cookie | invalid-id | invalid-proposal
| invalid-protocol | invalid-sign |
no-sa-failure | proposal-add |
proposal–delete | tunnel-start | tunnel-stop
| unsupport-exch-type ] *
Figure 62, configure an IPsec tunnel that uses IKE negotiation between Device A and Deice
Command
display ike proposal
display ike sa [ verbose [ connection-id connection-id
| remote-address [ ipv6 ] remote-address ] ]
reset ike sa [ connection-id connection-id ]
reset ike statistics
224
Remarks
N/A
By default, SNMP notifications
for IKE are enabled.
By default, SNMP notifications
for all failure and event types
are enabled.