HP FlexNetwork 10500 Series Security Configuration Manual page 305
Hide thumbs
Also See for FlexNetwork 10500 Series:
- Configuration manual (512 pages) ,
- Specifications (42 pages) ,
- Datasheet (20 pages)
Table of Contents
Advertisement
Step
2.
Create an IPsec policy
template and enter its view.
3.
(Optional.) Configure a
description for the IPsec
policy template.
4.
(Optional.) Specify an ACL
for the IPsec policy template.
5.
Specify IPsec transform sets
for the IPsec policy template.
6.
Specify an IKE profile for the
IPsec policy template.
7.
Specify an IKEv2 profile for
the IPsec policy template.
8.
(Optional.) Specify the local
IP address of the IPsec
tunnel.
9.
(Optional.) Specify the
remote IP address of the
IPsec tunnel.
10. Configure the IPsec SA
lifetime.
11. (Optional.) Set the IPsec SA
idle timeout.
Command
ipsec { ipv6-policy-template |
policy-template } template-name
seq-number
description text
security acl [ ipv6 ] { acl-number
| name acl-name } [ aggregation
| per-host ]
transform-set
transform-set-name&<1-6>
ike-profile profile-name
ikev2-profile profile-name
local-address { ipv4-address |
ipv6 ipv6-address }
remote-address { [ ipv6 ]
host-name | ipv4-address | ipv6
ipv6-address }
sa duration { time-based
seconds | traffic-based
kilobytes }
sa idle-time seconds
291
Remarks
By default, no IPsec policy
template exists.
By default, no description is
configured.
By default, no ACL is specified for
the IPsec policy template.
You can specify only one ACL for
an IPsec policy template.
By default, no IPsec transform
sets are specified for an IPsec
policy template.
By default, no IKE profile is
specified for an IPsec policy
template.
You can specify only one IKE
profile for an IPsec policy
template. The IKE profile cannot
be used by another IPsec policy
template or IPsec policy.
For more information about IKE
profiles, see
"Configuring
By default, no IKEv2 profile is
specified for the IPsec policy
template.
You can specify only one IKEv2
profile for an IPsec policy
template.
For more information about IKEv2
profiles, see
"Configuring
By default, the local IPv4 address
of IPsec tunnel is the primary IPv4
address of the interface to which
the IPsec policy is applied, and
the local IPv6 address of the
IPsec tunnel is the first IPv6
address of the interface to which
the IPsec policy is applied.
The local IP address specified by
this command must be the same
as the IP address used as the
local IKE identity.
By default, the remote IP address
of the IPsec tunnel is not
specified.
By default, the global SA lifetime
settings are used.
By default, the global SA idle
timeout is used.
IKE."
IKEv2."
Advertisement
Table of Contents
Troubleshooting
