IKEv2 Configuration Examples; IKEv2 With Pre-Shared Key Authentication Configuration Example - HP FlexNetwork 10500 Series Security Configuration Manual

Task: Display the IKEv2 policy configuration.
Command: display ikev2 policy [ policy-name | default ]

Task: Display the IKEv2 profile configuration.
Command: display ikev2 profile [ profile-name ]

Task: Display the IKEv2 SA information.
Command: display ikev2 sa [ { count | local | remote } { ipv4-address | ipv6 ipv6-address } [ vpn-instance vpn-instance-name ] ] [ verbose [ tunnel tunnel-id ] ]

Task: Delete IKEv2 SAs and the child SAs negotiated through the IKEv2 SAs.
Command: reset ikev2 sa [ [ { local | remote } { ipv4-address | ipv6 ipv6-address } [ vpn-instance vpn-instance-name ] ] | tunnel tunnel-id ] [ fast ]

IKEv2 configuration examples

IKEv2 with pre-shared key authentication configuration example

Network requirements

As shown in Figure 97, configure an IKE-based IPsec tunnel between Switch A and Switch B to secure the communication between them.

Configure Switch A and Switch B to use the default IKEv2 proposal and the default IKEv2 policy in IKEv2 negotiation to set up IPsec SAs.

Configure the two switches to use the pre-shared key authentication method in IKEv2 negotiation.

Figure 97 Network diagram

Configuration procedures

1. Configure Switch A:

# Assign an IP address to VLAN-interface 1.
<SwitchA> system-view
[SwitchA] interface vlan-interface 1
[SwitchA-vlan-interface1] ip address 1.1.1.1 255.255.255.0
[SwitchA-vlan-interface1] quit
# Configure IPv4 advanced ACL 3101 to identify the traffic between Switch A and Switch B.
[SwitchA] acl advanced 3101
[SwitchA-acl-ipv4-adv-3101] rule 0 permit ip source 1.1.1.1 0 destination 2.2.2.2 0
[SwitchA-acl-ipv4-adv-3101] quit
# Create an IPsec transform set named tran1.
[SwitchA] ipsec transform-set tran1
# Set the packet encapsulation mode to tunnel.
[SwitchA-ipsec-transform-set-tran1] encapsulation-mode tunnel
# Use the ESP protocol for the IPsec transform set.
[SwitchA-ipsec-transform-set-tran1] protocol esp
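ACL 3101 on Switch A selects the traffic that IPsec protects, so the ACL on the peer has to describe the same flow in the reverse direction for the IPsec SAs to cover both directions consistently. The following Python check is an added example, not part of the HP manual: it parses `rule ... ip source ... destination ...` lines and reports rules that are not mirrored on the peer. The Switch B lines are constructed for the example (Switch B's ACL is not shown on this page), the function names are hypothetical, and only contiguous wildcard masks are handled.

```python
import ipaddress
import re

# Comware advanced ACL rule as used in the procedure above:
#   rule 0 permit ip source 1.1.1.1 0 destination 2.2.2.2 0
# The value after each address is a wildcard mask; "0" means a single host.
RULE_RE = re.compile(
    r"rule\s+(?P<id>\d+)\s+(?P<action>permit|deny)\s+ip"
    r"\s+source\s+(?P<src>\S+)\s+(?P<src_wc>\S+)"
    r"\s+destination\s+(?P<dst>\S+)\s+(?P<dst_wc>\S+)"
)

def to_network(addr, wildcard):
    """Convert an address plus wildcard mask to an ip_network (contiguous masks only)."""
    wc = 0 if wildcard == "0" else int(ipaddress.IPv4Address(wildcard))
    mask = ipaddress.IPv4Address(wc ^ 0xFFFFFFFF)  # wildcard is the inverted netmask
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def parse_rules(config):
    """Return {(action, src_net, dst_net)} for every matching rule line in the text."""
    flows = set()
    for line in config.splitlines():
        m = RULE_RE.search(line)
        if m:
            flows.add((m["action"],
                       to_network(m["src"], m["src_wc"]),
                       to_network(m["dst"], m["dst_wc"])))
    return flows

def mirror_mismatches(local_cfg, peer_cfg):
    """Compare the local ACL with the peer ACL after swapping source and destination."""
    local, peer = parse_rules(local_cfg), parse_rules(peer_cfg)
    expected_on_peer = {(action, dst, src) for action, src, dst in local}
    return {"missing_on_peer": expected_on_peer - peer,
            "unexpected_on_peer": peer - expected_on_peer}

# Switch A lines as they appear in the procedure above.
SWITCH_A = """
[SwitchA] acl advanced 3101
[SwitchA-acl-ipv4-adv-3101] rule 0 permit ip source 1.1.1.1 0 destination 2.2.2.2 0
"""
# Constructed peer rules: one correct mirror, one copied without swapping the addresses.
SWITCH_B_GOOD = "rule 0 permit ip source 2.2.2.2 0 destination 1.1.1.1 0"
SWITCH_B_BAD = "rule 0 permit ip source 1.1.1.1 0 destination 2.2.2.2 0"

if __name__ == "__main__":
    print(mirror_mismatches(SWITCH_A, SWITCH_B_GOOD))
    print(mirror_mismatches(SWITCH_A, SWITCH_B_BAD))
```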