Troubleshooting IKE - HP 12500 Series Configuration Manual

Figure 69 Network diagram
Configuration procedure
1. Configure Switch A:
# Configure an IKE peer.
<SwitchA> system-view
[SwitchA] ike peer peer
[SwitchA-ike-peer-peer] pre-shared-key Ab12<><>
[SwitchA-ike-peer-peer] remote-address 2.2.2.2
[SwitchA-ike-peer-peer] quit
# Create an IKE proposal numbered 10.
[SwitchA] ike proposal 10
# Set the authentication algorithm to SHA1.
[SwitchA-ike-proposal-10] authentication-algorithm sha1
# Configure the authentication method as pre-shared key.
[SwitchA-ike-proposal-10] authentication-method pre-share
# Set the ISAKMP SA lifetime to 5000 seconds.
[SwitchA-ike-proposal-10] sa duration 5000
2. Configure an IKE peer on Switch B:
<SwitchB> system-view
[SwitchB] ike peer peer
[SwitchB-ike-peer-peer] pre-shared-key Ab12<><>
[SwitchB-ike-peer-peer] remote-address 1.1.1.1
With this configuration, Switch A and Switch B should be able to perform IKE negotiation. Switch A is
configured with proposal 10, which uses the SHA1 authentication algorithm. Switch B has only a
default IKE proposal, which uses the SHA authentication algorithm. Therefore, Switch B has no
proposal matching proposal 10 of Switch A, and the two switches have only one pair of matching
proposals, namely the default IKE proposals. In addition, the two switches are not required to have the
same ISAKMP SA lifetime; they negotiate one.
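
The matching behavior described above, as an added example that is not part of the HP manual: it models proposal matching and flags a negotiation that silently settles on the default proposal instead of the one the operator intended. Algorithm labels are copied as the page gives them; the 86400-second default lifetime, the "default" placeholders for encryption and DH group, the rule that the shorter lifetime wins, and the corrected Switch B configuration are assumptions.

```python
from dataclasses import dataclass

DEFAULT_LIFETIME = 86400  # assumed default ISAKMP SA lifetime (seconds); not stated on the page


@dataclass(frozen=True)
class Proposal:
    name: str
    auth_alg: str
    auth_method: str = "pre-share"
    encryption: str = "default"  # placeholder: neither switch changes it
    dh_group: str = "default"    # placeholder: neither switch changes it
    lifetime: int = DEFAULT_LIFETIME

    def key(self):
        # Attributes that must be identical on both ends; lifetime is excluded.
        return (self.encryption, self.auth_method, self.auth_alg, self.dh_group)


def negotiate(initiator, responder):
    """Return (initiator_proposal, responder_proposal, lifetime) or None."""
    for mine in initiator:  # proposals are tried in configured order
        for theirs in responder:
            if mine.key() == theirs.key():
                # Assumption: the shorter of the two lifetimes is used.
                return mine, theirs, min(mine.lifetime, theirs.lifetime)
    return None


def audit(initiator, responder, intended):
    """Report whether negotiation ended on the proposal the operator intended."""
    result = negotiate(initiator, responder)
    if result is None:
        return "FAIL: no matching proposal"
    mine, _, lifetime = result
    if mine.name != intended:
        return f"WARN: fell back to {mine.name!r} instead of {intended!r} (lifetime {lifetime}s)"
    return f"OK: {mine.name!r} (lifetime {lifetime}s)"


# Constructed from the page's configuration.
DEFAULT = Proposal("default", auth_alg="sha")
SWITCH_A = [Proposal("10", auth_alg="sha1", lifetime=5000), DEFAULT]
SWITCH_B = [DEFAULT]
# Hypothetical correction: Switch B also defines proposal 10, with its own lifetime.
SWITCH_B_FIXED = [Proposal("10", auth_alg="sha1", lifetime=3600), DEFAULT]

if __name__ == "__main__":
    print(audit(SWITCH_A, SWITCH_B, intended="10"))
    print(audit(SWITCH_A, SWITCH_B_FIXED, intended="10"))
```

The first call reports the fallback to the default proposal that the page describes; the second shows proposal 10 being selected once both ends define it, even though their lifetimes differ.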

Troubleshooting IKE

When you configure parameters to establish an IPsec tunnel, enable IKE error debugging to locate
configuration problems:
<Switch> debugging ike error