Configuring Ipsec With Manual Keying - HP 7102dl - ProCurve Secure Router Configuration Manual

Parameter
Local network(s)
Remote network(s)
Parameter
preshared key
digital certificate
Table 10-7. Configuring VPN Traffic
Options
subnet (IP range indicated by
wildcard bits)
subnet (IP range indicated by
wildcard bits)
Authentication Information. You select whether IKE will use preshared
keys or digital certificates for authentication in an IKE policy; however, you
also must configure the actual authentication information that IKE sends. (See
Table 10-8.)
If you select preshared keys, you must associate a peer's preshared key with
its ID in the remote ID list configured from the global configuration mode
context.
If you select a digital signature standard, you must load a CA and self
certificate into the ProCurve Secure Router operating system. The local router
will send the self certificate to authenticate itself to peers. You should also
add the ID for authorized peers to the remote ID list so that peers can
authenticate themselves to the local router. For example, if the certificates
used in your network identify hosts by a certain domain name, you should add
that domain name to the remote ID list.
Table 10-8. Authentication Information
Options
alphanumeric string (for
example: mypassword)
• DSS self certificate
• RSA self certificate

Configuring IPSec with Manual Keying

You are strongly encouraged to use IKE to generate keys. However, if you must
use manual keying, you will configure an inbound and an outbound key for
each connection to a remote site. The local inbound key should match the
remote outbound key and vice versa.
Default Configured in
No default extended ACL permit
statement (source IP)
No default extended ACL permit
statement (destination
IP)
Default Configured in
no default remote ID and preshared
key list
no default • remote ID list
• CA profile
Virtual Private Networks
Configuring a VPN Using IPSec
Reference
page 10-35
page 10-35
Reference
page 10-32
• page
10-32
• page
10-57
10-19