Configuring Ipsec With Ipsec Tunnel Interfaces - HP 6600 Security Configuration Manual

# Specify the encapsulation mode as tunnel.
[RouterB-ipsec-transform-set-tran1] encapsulation-mode tunnel
# Specify the security protocol as ESP.
[RouterB-ipsec-transform-set-tran1] transform esp
# Specify the algorithms for the IPsec transform set.
[RouterB-ipsec-transform-set-tran1] esp encryption-algorithm des
[RouterB-ipsec-transform-set-tran1] esp authentication-algorithm sha1
[RouterB-ipsec-transform-set-tran1] quit
# Configure the IKE peer.
[RouterB] ike peer peer
[RouterB-ike-peer-peer] pre-share-key abcde
[RouterB-ike-peer-peer] remote-address ipv6 111::1
[RouterB-ike-peer-peer] quit
# Create an IPsec policy that uses IKE for IPsec SA negotiation.
[RouterB] ipsec policy use1 10 isakmp
# Apply the ACL.
[RouterB-ipsec-policy-isakmp-use1-10] security acl ipv6 3101
# Apply the IPsec transform set.
[RouterB-ipsec-policy-isakmp-use1-10] transform-set tran1
# Apply the IKE peer.
[RouterB-ipsec-policy-isakmp-use1-10] ike-peer peer
[RouterB-ipsec-policy-isakmp-use1-10] quit
# Apply the IPsec policy group to the interface.
[RouterB] interface gigabitethernet 3/0/2
[RouterB-GigabitEthernet3/0/2] ipsec policy use1
3. Verify the configuration:
After the configuration, IKE negotiation will be triggered to set up SAs when there is traffic between
subnet 333::0/64 and subnet 555::0/64. If IKE negotiation is successful and SAs are set up, the
traffic between the two subnets will be IPsec protected.

Configuring IPsec with IPsec tunnel interfaces

Network requirements
As shown in
obtains the IP address dynamically. The headquarters accesses the Internet by using a fixed IP address.
Configure an IPsec tunnel to protect the traffic between the branch and the headquarters. Make sure that
the IPsec configuration of the headquarters' gateway remains relatively stable despite of changes of the
branch's private IP address segment.
Figure 99, the gateway of the branch accesses the Internet through a dial-up line and
282