HP 7102dl - ProCurve Secure Router Configuration Manual page 519

N o t e
N o t e
Local Router
LAN1
192.168.1.0/24 192.168.2.0/24
Figure 10-4. Peer ID
To configure Local Router shown in Figure 10-4, you should enter:
ProCurve(config-ike)# peer 10.2.2.2
Even in a VPN with several sites, your ProCurve Secure Router creates an
individual VPN tunnel to each site. (Remember that VPN tunnels are point-to-
point connections.) However, you can use the same IKE policy to negotiate
the preliminary IKE SA for different VPN tunnels. Evaluate the security
parameters required for each VPN connection and use the same IKE policy
for connections at the same security level. To configure multiple peers, simply
enter the command multiple times.
When you configure more than one peer ID for a policy, it can no longer initiate
IKE. If the local router must be able to initiate IKE, you should configure a
separate IKE policy for each peer.
If you want IKE to negotiate different security parameters for connections to
various sites (for example, a key using a less processor-intensive algorithm),
you must configure a separate IKE policy for each site.
If the remote gateway has a dynamic address, you must set the peer ID to any.
The policy will not be able to initiate IKE.
Internet
LAN2
Peer ID
Virtual Private Networks
Configuring a VPN Using IPSec
10.2.2.2
Peer Router
LAN1 LAN2
192.168.3.0/24 192.168.4.0/24
10-25