Peer Id - HP 7102dl - ProCurve Secure Router Configuration Manual

Virtual Private Networks
Configuring a VPN Using IPSec
10-24
You can also alter the default settings for:
initiate mode
response mode
IKE SA security parameters stored in the attribute policy, including:
• hash algorithm
• encryption algorithm
• Diffie-Hellman group
• authentication method
To begin configuring an IKE policy, enter this command from the global
configuration mode context:
Syntax: crypto ike policy <index number>
The index number determines the priority for the IKE policy and must be a
value between 1 and 10,000. When the router needs to negotiate an IPSec SA
with a peer or to respond to a peer's IKE negotiations, it searches IKE policies
for one that matches the peer. Because the router begins with the policy with
the lowest index number, the lower the index number, the higher the priority.
After entering the crypto ike policy command, you will enter the IKE policy
configuration mode context, indicated by this prompt:
ProCurve(config)# crypto ike policy 1
ProCurve(config-ike)#

Peer ID

The peer ID defines the gateway devices or VPN clients with which IKE can
establish an IKE SA. You must add the peer ID for each peer in the VPN to at
least one IKE policy.
The peer ID type for an IKE policy is always an IP address. This is because
IKE is responsible for initial communications with a potential VPN peer; it
must know where to reach the peer.
Site-to-Site Configuration. The peer ID is the public IP address for the
remote gateway device. Usually this is the IP address on the remote router for
the interface connecting to the Internet.
To set the ID, enter:
Syntax: peer <A.B.C.D>