HP 10500 Series Configuration Manual page 324

Security configuration guide

[SwitchB] acl number 3101
[SwitchB-acl-adv-3101] rule 0 permit ip source 2.2.3.1 0 destination 2.2.2.1 0
[SwitchB-acl-adv-3101] rule 5 permit ip source 2.2.2.1 0 destination 2.2.3.1 0
[SwitchB-acl-adv-3101] quit
# Create an IPsec proposal named tran1.
[SwitchB] ipsec proposal tran1
# Specify the encapsulation mode as tunnel.
[SwitchB-ipsec-proposal-tran1] encapsulation-mode tunnel
# Specify the security protocol as ESP.
[SwitchB-ipsec-proposal-tran1] transform esp
# Specify the algorithms for the proposal.
[SwitchB-ipsec-proposal-tran1] esp encryption-algorithm aes 128
[SwitchB-ipsec-proposal-tran1] esp authentication-algorithm sha1
[SwitchB-ipsec-proposal-tran1] quit
# Configure the IKE peer.
[SwitchB] ike peer peer
[SwitchB-ike-peer-peer] pre-shared-key Ab12<><>
[SwitchB-ike-peer-peer] remote-address 2.2.2.1
[SwitchB-ike-peer-peer] quit
# Create an IPsec policy that uses IKE for IPsec SA negotiation.
[SwitchB] ipsec policy use1 10 isakmp
# Apply the ACL.
[SwitchB-ipsec-policy-isakmp-use1-10] security acl 3101
# Apply the IPsec proposal.
[SwitchB-ipsec-policy-isakmp-use1-10] proposal tran1
# Apply the IKE peer.
[SwitchB-ipsec-policy-isakmp-use1-10] ike-peer peer
[SwitchB-ipsec-policy-isakmp-use1-10] quit
# Apply the IPsec policy group to VLAN-interface 1.
[SwitchB] interface vlan-interface 1
[SwitchB-Vlan-interface1] ipsec policy use1
3. Verifying the configuration
After completing the preceding configuration, send traffic from Switch B to Switch A. Switch A starts IKE
negotiation with Switch B when it receives the first packet. If IKE negotiation succeeds and the SAs are set
up, the traffic between the two switches is protected by IPsec.
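
Added example (not part of the HP manual): a small offline check that can be run before sending test traffic, confirming that the IPsec policy on Switch B references objects that exist, is applied to an interface, and that the ACL contains a host rule toward the IKE peer's remote address. The function names, the prompt-stripped indented layout of CONFIG, and the pre-shared-key placeholder are assumptions made for this example.

```python
# Switch B commands from this page with CLI prompts stripped; the key is a placeholder.
CONFIG = """\
acl number 3101
 rule 0 permit ip source 2.2.3.1 0 destination 2.2.2.1 0
 rule 5 permit ip source 2.2.2.1 0 destination 2.2.3.1 0
ipsec proposal tran1
 encapsulation-mode tunnel
 transform esp
 esp encryption-algorithm aes 128
 esp authentication-algorithm sha1
ike peer peer
 pre-shared-key EXAMPLE-KEY-PLACEHOLDER
 remote-address 2.2.2.1
ipsec policy use1 10 isakmp
 security acl 3101
 proposal tran1
 ike-peer peer
interface vlan-interface 1
 ipsec policy use1
"""
def parse(text):
    views, current = {}, None
    for line in filter(str.strip, text.splitlines()):
        if line[0] != " ":  # an unindented command opens a new view
            current = views.setdefault(line.strip(), [])
        elif current is not None:
            current.append(line.strip())
    return views

def lint(text):  # returns a list of problems; empty means every reference resolves
    views, problems = parse(text), []
    applied = {c.split()[-1] for v, cmds in views.items() if v.startswith("interface ")
               for c in cmds if c.startswith("ipsec policy ")}
    for view, cmds in views.items():
        if not view.startswith("ipsec policy "):
            continue
        name, refs = view.split()[2], {c.split()[0]: c.split()[-1] for c in cmds}
        for key, prefix in (("security", "acl number "), ("proposal", "ipsec proposal "),
                            ("ike-peer", "ike peer ")):
            if prefix + refs.get(key, "?") not in views:
                problems.append(f"{name}: '{key}' reference is undefined")
        if name not in applied:
            problems.append(f"{name}: not applied to any interface")
        peer = views.get("ike peer " + refs.get("ike-peer", "?"), [])
        remote = [c.split()[1] for c in peer if c.startswith("remote-address ")]
        rules = views.get("acl number " + refs.get("security", "?"), [])
        if remote and not any(f"destination {remote[0]} 0" in r for r in rules):
            problems.append(f"{name}: no host rule in the ACL covers peer {remote[0]}")
    return problems
```

The ACL check only recognises host rules (wildcard 0), as used in this example; a rule that covers the peer through a wider wildcard would be reported and needs manual review.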