HP 10500 Series Configuration Manual page 334

[SwitchA] acl number 3101
[SwitchA-acl-adv-3101] rule 0 permit ip source 1.1.1.1 0 destination 2.2.2.2 0
[SwitchA-acl-adv-3101] rule 1 permit ip source 2.2.2.2 0 destination 1.1.1.1 0
[SwitchA-acl-adv-3101] quit
# Create IPsec proposal tran1.
[SwitchA] ipsec proposal tran1
# Set the packet encapsulation mode to tunnel.
[SwitchA-ipsec-proposal-tran1] encapsulation-mode tunnel
# Use security protocol ESP.
[Switch-ipsec-proposal-tran1] transform esp
# Specify encryption and authentication algorithms.
[SwitchA-ipsec-proposal-tran1] esp encryption-algorithm aes 128
[SwitchA-ipsec-proposal-tran1] esp authentication-algorithm sha1
[SwitchA-ipsec-proposal-tran1] quit
# Create an IKE proposal numbered 10.
[SwitchA] ike proposal 10
# Set the authentication algorithm to SHA1.
[SwitchA-ike-proposal-10] authentication-algorithm sha
# Configure the authentication method as pre-shared key.
[SwitchA-ike-proposal-10] authentication-method pre-share
# Set the ISAKMP SA lifetime to 5000 seconds.
[SwitchA-ike-proposal-10] sa duration 5000
[SwitchA-ike-proposal-10] quit
# Create IKE peer peer.
[SwitchA] ike peer peer
# Configure the IKE peer to reference IKE proposal 10.
[SwitchA-ike-peer-peer]proposal 10
# Set the pre-shared key.
[SwitchA-ike-peer-peer] pre-shared-key Ab12<><>
# Specify the IP address of the peer security gateway.
[SwitchA-ike-peer-peer] remote-address 2.2.2.2
[SwitchA-ike-peer-peer] quit
# Create an IPsec policy that uses IKE negotiation.
[SwitchA] ipsec policy map1 10 isakmp
# Reference IPsec proposal tran1.
[SwitchA-ipsec-policy-isakmp-map1-10] proposal tran1
# Reference ACL 3101 to identify the protected traffic.
[SwitchA-ipsec-policy-isakmp-map1-10] security acl 3101
# Reference IKE peer peer.
[SwitchA-ipsec-policy-isakmp-map1-10] ike-peer peer
[SwitchA-ipsec-policy-isakmp-map1-10] quit
# Apply the IPsec policy to VLAN-interface 1.
324