HPE FlexNetwork MSR Series Configuration Manual page 439
Comware 7 security
Hide thumbs
Also See for FlexNetwork MSR Series:
- Configuration manual (861 pages) ,
- Comware 7 layer 3 - ip services configuration manuals (554 pages) ,
- Comware 5 security configuration manual (547 pages)
Table of Contents
Advertisement
[Device-luser-network-ike] service-type ike
# Specify the IPv4 address pool pool as the authorized IPv4 address pool for the user ike.
[Device-luser-network-ike] authorization-attribute ip-pool pool
[Device-luser-network-ike] quit
# Add a network user named test.
[Device] local-user test class network
# Authorize the user test to use the IKE service.
[Device-luser-network-test] service-type ike
# Configure a password for the user test.
[Device-luser-network-test] password simple abc
[Device-luser-network-test] quit
# Create an IKE keychain named keychain1.
[Device] ike keychain keychain1
# Set the pre-shared key used for IKE negotiation with the remote peer 1.1.1.1.
[Device-ike-keychain-keychain1] pre-shared-key address 1.1.1.1 255.255.255.255 key
simple 123456TESTplat&!
[Device-ike-keychain-keychain1] quit
# Create an IKE profile named profile1.
[Device] ike profile profile1
# Specify the IKE keychain keychain1 for the IKE profile profile1.
[Device-ike-profile-profile1] keychain keychain1
# Configure the local ID as the IP address 2.2.2.2.
[Device-ike-profile-profile1] local-identity address 2.2.2.2
# Configure the peer ID for IKE profile matching.
[Device-ike-profile-profile1] match remote identity address 1.1.1.1 255.255.255.255
# Enable XAUTH authentication for clients.
[Device-ike-profile-profile1] client-authentication xauth
[Device-ike-profile-profile1] quit
# Enable AAA authorization. Specify the ISP domain dm and the username ike.
[Device-ike-profile-profile1] client-authentication xauth
[Device-ike-profile-profile1] quit
# Created an IPsec transform set named tran1.
[Device] ipsec transform-set tran1
# Specify the encapsulation mode as transport.
[Device-ipsec-transform-set-tran1] encapsulation-mode transport
# Specify the security protocol as ESP.
[Device-ipsec-transform-set-tran1] protocol esp
# Specify the ESP authentication algorithm and encryption algorithm.
[Device-ipsec-transform-set-tran1] esp encryption-algorithm aes-cbc-256
[Device-ipsec-transform-set-tran1] esp authentication-algorithm sha1
[Device-ipsec-transform-set-tran1] quit
# Create an IPsec policy template entry. Specify the template name as pt and set the sequence
number to 1.
[Device] ipsec policy-template pt 1
# Specify the IPsec transform set tran1.
[Device-ipsec-policy-template-pt-1] transform-set tran1
# Specify the IKE profile profile1.
423
Advertisement
Table of Contents
Troubleshooting
Need help?
Do you have a question about the FlexNetwork MSR Series and is the answer not in the manual?