HPE FlexNetwork 10500 Series Security Configuration Manual page 396
Hide thumbs
Also See for FlexNetwork 10500 Series:
- Security command reference (881 pages) ,
- Network management and monitoring command reference (423 pages) ,
- Configuration manual (407 pages)
Table of Contents
Advertisement
-------------------------------------------
-----------------------------
Sequence number: 1
Mode: ISAKMP
-----------------------------
Security data flow: 3000
Selector mode: aggregation
Local address: 192.168.222.5
Remote address:
Transform set:
IKE profile: profile1
SA duration(time based):
SA duration(traffic based):
SA idle time:
Solution
1.
If the IPsec policy specifies an IKE profile but no matching IKE profiles was found in IKE
negotiation, perform one of the following tasks on the responder:
Remove the specified IKE profile from the IPsec policy.
Modify the specified IKE profile to match the IKE profile of the initiator.
2.
If the flow range defined by the responder's ACL is smaller than that defined by the initiator's
ACL, modify the responder's ACL so the ACL defines a flow range equal to or greater than that
of the initiator's ACL.
For example:
[Sysname] display acl 3000
Advanced IPv4 ACL 3000, 2 rules,
ACL's step is 5
rule 0 permit ip source 192.168.222.0 0.0.0.255 destination 192.168.222.0 0.0.0.255
3.
Configure the missing settings (for example, the remote address).
transform1
379
Advertisement
Table of Contents
Troubleshooting
