HPE FlexNetwork 5510 HI Series Security Configuration Manual page 319

Analysis
Certain IPsec policy settings of the responder are incorrect. Verify the settings as follows:
1. Use the display ike sa verbose command to verify that matching IKE profiles were found in IKE negotiation phase 1. If no matching IKE profiles were found and the IPsec policy has an IKE profile specified, the IPsec SA negotiation fails.
# Verify that matching IKE profiles were found in IKE negotiation phase 1.
<Sysname> display ike sa verbose
-----------------------------------------------
Connection ID: 3
Outside VPN:
Inside VPN:
Profile:
Transmitting entity: Responder
-----------------------------------------------
Local IP: 192.168.222.5
Local ID type: IPV4_ADDR
Local ID: 192.168.222.5
Remote IP: 192.168.222.71
Remote ID type: IPV4_ADDR
Remote ID: 192.168.222.71
Authentication-method: PRE-SHARED-KEY
Authentication-algorithm: MD5
Encryption-algorithm: 3DES-CBC
Life duration(sec): 86400
Remaining key duration(sec): 85847
Exchange-mode: Main
Diffie-Hellman group: Group 1
NAT traversal: Not detected
# Verify that the IPsec policy has an IKE profile specified.
[Sysname] display ipsec policy
-------------------------------------------
IPsec Policy: policy1
Interface: Vlan-interface1
-------------------------------------------
-----------------------------
Sequence number: 1
Mode: isakmp
-----------------------------
Description:
Security data flow: 3000
Selector mode: aggregation
Local address: 192.168.222.5
Remote address: 192.168.222.71
Transform set:
transform1
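
Added example (not from the HPE manual): a Python check over saved captures of the two commands above. It reports IKE SAs whose Profile field is empty while the IPsec policy for the same peers names an IKE profile. The captures are constructed; the "IKE profile:" output line and the name profile1 are assumptions, because the policy output on this page ends before that field, and a single policy entry is assumed.

```python
# Constructed captures, trimmed from the outputs shown above.
IKE_SA = """\
-----------------------------------------------
Connection ID: 3
Profile:
Transmitting entity: Responder
-----------------------------------------------
Local IP: 192.168.222.5
Remote IP: 192.168.222.71
"""
# Assumption: the "IKE profile:" line and the name profile1 are not on this page.
IPSEC_POLICY = """\
IPsec Policy: policy1
Sequence number: 1
Mode: isakmp
Local address: 192.168.222.5
Remote address: 192.168.222.71
IKE profile: profile1
"""

def parse_fields(text):
    """Map lowercased 'Key: value' lines to values; rule lines have no ':' and are skipped."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip().lower()] = value.strip()
    return fields

def split_sas(text):
    """One field dict per 'Connection ID:' record in display ike sa verbose output."""
    records = []
    for line in text.splitlines():
        if line.strip().startswith("Connection ID:"):
            records.append([])
        if records:
            records[-1].append(line)
    return [parse_fields("\n".join(r)) for r in records]

def profile_mismatches(ike_text, policy_text):
    """SAs for the policy's peers that matched no IKE profile although the policy names one."""
    policy = parse_fields(policy_text)
    wanted = policy.get("ike profile", "")
    hits = []
    for sa in split_sas(ike_text):
        same_peers = (sa.get("local ip") == policy.get("local address")
                      and sa.get("remote ip") == policy.get("remote address"))
        if same_peers and wanted and not sa.get("profile"):
            hits.append((sa["connection id"], policy.get("ipsec policy"), wanted))
    return hits

if __name__ == "__main__":
    for conn, pol, prof in profile_mismatches(IKE_SA, IPSEC_POLICY):
        print(f"IKE SA {conn}: no profile matched, but {pol} requires {prof}")
```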