HPE FlexNetwork MSR Series Configuration Manual page 10

Comware 7 security
Table of Contents

    Main mode IKE with pre-shared key authentication configuration example ... 403
    Aggressive mode with RSA signature authentication configuration example ... 407
    Aggressive mode with NAT traversal configuration example ... 414
    IKE remote extended authentication configuration example ... 419
    IKE local extended authentication and address pool authorization configuration example ... 422
  Troubleshooting IKE ... 426
    IKE negotiation failed because no matching IKE proposals were found ... 426
    IKE negotiation failed because no IKE proposals or IKE keychains are specified correctly ... 426
    IPsec SA negotiation failed because no matching IPsec transform sets were found ... 427
    IPsec SA negotiation failed due to invalid identity information ... 427
Configuring IKEv2 ... 431
  Overview ... 431
    IKEv2 negotiation process ... 431
    New features in IKEv2 ... 432
    Protocols and standards ... 432
  IKEv2 configuration task list ... 432
  Configuring an IKEv2 profile ... 433
  Configuring an IKEv2 policy ... 436
  Configuring an IKEv2 proposal ... 437
  Configuring an IKEv2 keychain ... 438
  Configure global IKEv2 parameters ... 439
    Enabling the cookie challenging feature ... 439
    Configuring the IKEv2 DPD feature ... 439
    Configuring the IKEv2 NAT keepalive feature ... 440
    Configuring IKEv2 address pools ... 440
  Displaying and maintaining IKEv2 ... 440
  IKEv2 configuration examples ... 441
    IKEv2 with pre-shared key authentication configuration example ... 441
    IKEv2 with RSA signature authentication configuration example ... 446
    IKEv2 with NAT traversal configuration example ... 454
  Troubleshooting IKEv2 ... 458
    IKEv2 negotiation failed because no matching IKEv2 proposals were found ... 458
    IPsec SA negotiation failed because no matching IPsec transform sets were found ... 459
    IPsec tunnel establishment failed ... 459
Configuring SSH ... 460
  Overview ... 460
    How SSH works ... 460
    SSH authentication methods ... 461
  FIPS compliance ... 462
  Configuring the device as an SSH server ... 462
    SSH server configuration task list ... 462
    Generating local key pairs ... 463
    Enabling the Stelnet server ... 464
    Enabling the SFTP server ... 464
    Enabling the SCP server ... 464
    Enabling NETCONF over SSH ... 464
    Configuring the user lines for SSH login ... 465
    Configuring a client's host public key ... 465
    Configuring an SSH user ... 466
    Configuring the SSH management parameters ... 468
  Configuring the device as an Stelnet client ... 469
    Stelnet client configuration task list ... 469
    Generating local key pairs ... 469
    Specifying the source IP address for SSH packets ... 469
    Establishing a connection to an Stelnet server ... 470
  Configuring the device as an SFTP client ... 472
    SFTP client configuration task list ... 472
    Generating local key pairs ... 472
    Specifying the source IP address for SFTP packets ... 472
    Establishing a connection to an SFTP server ... 473