Ikev2 With Rsa Signature Authentication Configuration Example - HP FlexNetwork 10500 Series Security Configuration Manual

# Specify the IPsec transform set tran1 for the IPsec policy.
[SwitchB-ipsec-policy-isakmp-use1-10] transform-set tran1
# # Specify the IKEv2 profile profile1 for the IPsec policy.
[SwitchB-ipsec-policy-isakmp-use1-10] ikev2-profile profile1
[SwitchB-ipsec-policy-isakmp-use1-10] quit
# Apply the IPsec policy use1 to VLAN-interface 1.
[SwitchB] interface vlan-interface 1
[SwitchB-Vlan-interface1] ipsec apply policy use1
# Specify an Ethernet interface module or a service module for forwarding the traffic on the
interface.
[SwitchB-Vlan-interface1] service slot 3
[SwitchB-Vlan-interface1] quit
Verifying the configuration
# Initiate a connection between Switch A and Switch B to trigger IKEv2 negotiation. After IPsec SAs
are successfully negotiated by IKEv2, traffic between the switches is IPsec protected.
IKEv2 with RSA signature authentication configuration
example
Network requirements
As shown in
secure the communication between them.
Configure Switch A and Switch B to use IKEv2 negotiation and RSA signature authentication.
Figure 98 Network diagram
Configuration procedure
1. Configure Switch A:
# Assign an IP address to VLAN-interface 1.
<SwitchA> system-view
[SwitchA] interface vlan-interface 1
[SwitchA-vlan-interface1] ip address 1.1.1.1 255.255.255.0
[SwitchA-vlan-interface1] quit
# Configure IPv4 advanced ACL 3101 to identify the traffic between Switch A and Switch B.
[SwitchA] acl advanced 3101
[SwitchA-acl-ipv4-adv-3101] rule 0 permit ip source 1.1.1.1 0 destination 2.2.2.2 0
[SwitchA-acl-ipv4-adv-3101] quit
# Create an IPsec transform set named tran1.
[SwitchA] ipsec transform-set tran1
Figure 98, configure an IKE-based IPsec tunnel between Switch A and Switch B to
349