HP 10500 Series Configuration Manual page 317

Step
8. Configure keys for the
SA.
NOTE:
You cannot change the creation mode of an IPsec policy from manual to through IKE, or vice versa. To
create an IPsec policy that uses IKE, delete the manual IPsec policy, and then use IKE to configure an IPsec
policy.
Configuring an IPsec policy that uses IKE
To configure an IPsec policy that uses IKE, directly configure it by configuring the parameters in IPsec
policy view.
Before you configure an IPsec policy that uses IKE, complete the following tasks:
Configure the ACLs and the IPsec transform sets for the IPsec policy.
•
To use IKE version 1 (IKEv1) negotiation, configure the IKE peer. For more information about IKE
•
peer configuration, see "Configuring IKE."
The parameters for the local and remote ends must match.
To configure an IPsec policy that uses IKE:
Step
1. Enter system view.
2. Create an IPsec policy that
uses IKE and enter its view.
3. Configure an IPsec connection
name.
4. Assign an ACL to the IPsec
policy.
Command
•
Configure an authentication key in
hexadecimal for AH:
sa authentication-hex { inbound |
outbound } ah [ cipher | simple ]
hex-key
•
Configure an authentication key in
hexadecimal for ESP:
sa authentication-hex { inbound |
outbound } esp [ cipher | simple ]
hex-key
•
Configure an encryption key in
hexadecimal for ESP:
sa encryption-hex { inbound |
outbound } esp [ cipher | simple ]
hex-key
Command
system-view
ipsec policy policy-name
seq-number isakmp
connection-name name
security acl acl-number
307
Remarks
Configure keys properly for the
security protocol (AH or ESP) you
have specified.
For ESP, if you configure an
authentication key, the system
automatically generates an
authentication key and an
encryption key.
Remark
N/A
By default, no IPsec policy exists.
Optional.
By default, no IPsec connection
name is configured.
By default, an IPsec policy
references no ACL.