HP 6600 Security Configuration Manual page 297
Hide thumbs
Also See for 6600:
- Command reference manual (286 pages) ,
- Configuration manual (236 pages) ,
- Installation and getting started manual (103 pages)
Table of Contents
Advertisement
Figure 99 Network diagram
Configuration considerations
Configure an IPsec tunnel interface on each router and configure a static route on each router to route the
packets destined to the peer to the IPsec tunnel interface for IPsec protection.
Configuration procedure
1.
Configure Router A:
# Name the local gateway routera.
<RouterA> system-view
[RouterA] ike local-name routera
# Configure an IKE peer named atob. As the local peer obtains the IP address automatically, set
the IKE negotiation mode to aggressive.
[RouterA] ike peer atob
[RouterA-ike-peer-atob] exchange-mode aggressive
[RouterA-ike-peer-atob] pre-shared-key simple aabb
[RouterA-ike-peer-atob] id-type name
[RouterA-ike-peer-atob] remote-name routerb
[RouterA-ike-peer-atob] quit
# Create an IPsec transform set named method1. This IPsec transform set uses the default settings:
the security protocol of ESP, the encryption algorithm of DES, and the authentication algorithm of
MD5.
[RouterA] ipsec transform-set method1
[RouterA-ipsec-transform-set-method1] transform esp
[RouterA-ipsec-transform-set-method1] esp encryption-algorithm des
[RouterA-ipsec-transform-set-method1] esp authentication-algorithm md5
[RouterA-ipsec-transform-set-method1] quit
# Create an IPsec profile named atob.
[RouterA] ipsec profile atob
# Configure the IPsec profile to reference the IKE peer.
[RouterA-ipsec-profile-atob] ike-peer atob
# Configure the IPsec profile to reference the IPsec transform set method1.
[RouterA-ipsec-profile-atob] transform-set method1
[RouterA-ipsec-profile-atob] quit
# Create tunnel interface Tunnel1.
[RouterA] interface tunnel 1
# Assign IPv4 address 10.1.1.1/24 to tunnel interface Tunnel1.
283
Advertisement
Table of Contents
Troubleshooting
