Ikev2 With Rsa Signature Authentication Configuration Example - HPE FlexNetwork 10500 Series Security Configuration Manual

# Specify ACL 3101 to identify the traffic to be protected.
[SwitchB-ipsec-policy-isakmp-use1-10] security acl 3101
# Specify IPsec transform set tran1 for the IPsec policy.
[SwitchB-ipsec-policy-isakmp-use1-10] transform-set tran1
# # Specify IKEv2 profile profile1 for the IPsec policy.
[SwitchB-ipsec-policy-isakmp-use1-10] ikev2-profile profile1
[SwitchB-ipsec-policy-isakmp-use1-10] quit
# Apply IPsec policy use1 to VLAN-interface 1.
[SwitchB] interface vlan-interface 1
[SwitchB-Vlan-interface1] ipsec apply policy use1
Verifying the configuration
# Initiate a connection between Switch A and Switch B to trigger IKEv2 negotiation. After IPsec SAs
are successfully negotiated by IKEv2, traffic between the switches is IPsec protected.
IKEv2 with RSA signature authentication configuration
example
Network requirements
As shown in
secure the communication between them.
Configure Switch A and Switch B to use IKEv2 negotiation and RSA signature authentication.
Figure 103 Network diagram
CA server
Configuration procedure
1. Configure Switch A:
# Assign an IP address to VLAN-interface 1.
<SwitchA> system-view
[SwitchA] interface vlan-interface 1
[SwitchA-vlan-interface1] ip address 1.1.1.1 255.255.255.0
[SwitchA-vlan-interface1] quit
# Configure IPv4 advanced ACL 3101 to identify the traffic between Switch A and Switch B.
[SwitchA] acl advanced 3101
[SwitchA-acl-ipv4-adv-3101] rule 0 permit ip source 1.1.1.1 0 destination 2.2.2.2 0
[SwitchA-acl-ipv4-adv-3101] quit
# Create an IPsec transform set named tran1.
[SwitchA] ipsec transform-set tran1
# Set the packet encapsulation mode to tunnel.
[SwitchA-ipsec-transform-set-tran1] encapsulation-mode tunnel
Figure 103, configure an IKE-based IPsec tunnel between Switch A and Switch B to
Vlan-int1
1.1.1.1/16
Internet
Switch A
CA server
Vlan-int1
2.2.2.2/16
Switch B
393