IKEv2 Configuration Examples; IKEv2 With Pre-Shared Key Authentication Configuration Example - HPE FlexNetwork 10500 Series Security Configuration Manual

Task: Display the IKEv2 policy configuration.
Command: display ikev2 policy [ policy-name | default ]

Task: Display the IKEv2 profile configuration.
Command: display ikev2 profile [ profile-name ]

Task: Display the IKEv2 SA information.
Command: display ikev2 sa [ count | [ { local | remote } { ipv4-address | ipv6 ipv6-address } [ vpn-instance vpn-instance-name ] ] [ verbose [ tunnel tunnel-id ] ] ]

Task: Display IKEv2 statistics.
Command: display ikev2 statistics

Task: Delete IKEv2 SAs and the child SAs negotiated through the IKEv2 SAs.
Command: reset ikev2 sa [ [ { local | remote } { ipv4-address | ipv6 ipv6-address } [ vpn-instance vpn-instance-name ] ] | tunnel tunnel-id ] [ fast ]

Task: Clear IKEv2 statistics.
Command: reset ikev2 statistics

IKEv2 configuration examples

IKEv2 with pre-shared key authentication configuration example

Network requirements
As shown in Figure 102, configure an IKE-based IPsec tunnel between Switch A and Switch B to secure the communication between them.
Configure Switch A and Switch B to use the default IKEv2 proposal and the default IKEv2 policy in IKEv2 negotiation to set up IPsec SAs.
Configure the two switches to use the pre-shared key authentication method in IKEv2 negotiation.

Figure 102 Network diagram
[Figure: Switch A (Vlan-int1, 1.1.1.1/16) and Switch B (Vlan-int1, 2.2.2.2/16) connected across the Internet]

Configuration procedures
1. Configure Switch A:
# Assign an IP address to VLAN-interface 1.
<SwitchA> system-view
[SwitchA] interface vlan-interface 1
[SwitchA-vlan-interface1] ip address 1.1.1.1 255.255.255.0
[SwitchA-vlan-interface1] quit
# Configure IPv4 advanced ACL 3101 to identify the traffic between Switch A and Switch B.
[SwitchA] acl advanced 3101
[SwitchA-acl-ipv4-adv-3101] rule 0 permit ip source 1.1.1.1 0 destination 2.2.2.2 0
[SwitchA-acl-ipv4-adv-3101] quit
# Create an IPsec transform set named tran1.
[SwitchA] ipsec transform-set tran1
# Set the packet encapsulation mode to tunnel.
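The ACL 3101 rule in the Switch A procedure uses wildcard masks, where 0 matches exactly one host. The Python code below is an added example, not part of the HPE manual: it parses that rule form, tests which packets the rule selects, and derives the mirror-image rule, on the assumption (Switch B's configuration is not shown on this page) that the peer's ACL should mirror Switch A's. All function names are hypothetical.

```python
import ipaddress
import re

# Advanced-ACL rule form used on this page:
#   rule <id> permit|deny ip source <addr> <wildcard> destination <addr> <wildcard>
RULE_RE = re.compile(
    r"rule\s+(?P<id>\d+)\s+(?P<action>permit|deny)\s+ip\s+"
    r"source\s+(?P<src>\S+)\s+(?P<swc>\S+)\s+"
    r"destination\s+(?P<dst>\S+)\s+(?P<dwc>\S+)\s*$"
)

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def _wildcard(text):
    # "0" is shorthand for wildcard 0.0.0.0 (match a single host).
    return 0 if text == "0" else _ip(text)

def _wildcard_text(value):
    return "0" if value == 0 else str(ipaddress.IPv4Address(value))

def parse_rule(line):
    m = RULE_RE.search(line)
    if not m:
        raise ValueError(f"unsupported rule syntax: {line!r}")
    return {"id": int(m["id"]), "action": m["action"],
            "src": _ip(m["src"]), "swc": _wildcard(m["swc"]),
            "dst": _ip(m["dst"]), "dwc": _wildcard(m["dwc"])}

def _side_matches(addr, base, wildcard):
    # Wildcard bits set to 1 are ignored; every other bit must be equal.
    care = ~wildcard & 0xFFFFFFFF
    return (_ip(addr) & care) == (base & care)

def matches(rule, src, dst):
    # True when the rule selects a packet with this source and destination.
    return (_side_matches(src, rule["src"], rule["swc"])
            and _side_matches(dst, rule["dst"], rule["dwc"]))

def mirror(rule):
    # Swap source and destination: the rule the peer would need (assumption).
    return {**rule, "src": rule["dst"], "swc": rule["dwc"],
            "dst": rule["src"], "dwc": rule["swc"]}

def render(rule):
    return (f"rule {rule['id']} {rule['action']} ip "
            f"source {ipaddress.IPv4Address(rule['src'])} {_wildcard_text(rule['swc'])} "
            f"destination {ipaddress.IPv4Address(rule['dst'])} {_wildcard_text(rule['dwc'])}")

# Rule line copied from the Switch A procedure on this page.
SWITCH_A_RULE = "[SwitchA-acl-ipv4-adv-3101] rule 0 permit ip source 1.1.1.1 0 destination 2.2.2.2 0"

if __name__ == "__main__":
    print(render(mirror(parse_rule(SWITCH_A_RULE))))
```

Because both wildcards are 0, only packets from 1.1.1.1 to 2.2.2.2 are selected; traffic from any other address on Switch A's subnet falls outside the rule.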
