HP 7102dl - ProCurve Secure Router Configuration Manual page 591

1. Install the IPSec VPN module.
2. Enable VPN functions:
ProCurve(config)# ip crypto
3. Configure an IKE mode config pool:
Syntax: crypto ike client configuration pool <poolname>
4. Specify the range of private network addresses in the pool:
Syntax: ip-range <first A.B.C.D> <last A.B.C.D>
5. You can also specify server addresses for clients in the pool:
Syntax: dns-server <A.B.C.D> [<A.B.C.D>]
Syntax: netbios-name-server <A.B.C.D> [<A.B.C.D>]
6. Create an IKE policy:
Syntax: crypto ike policy <IKE policynumber>
For example:
ProCurve(config)# crypto ike policy 10
7. Prevent the router from initiating IKE:
ProCurve(config-crypto-ike)# no initiate
8. Set the peer ID:
ProCurve(config-crypto-ike)# peer any
9. Apply the IKE client pool to the IKE policy:
Syntax: client configuration pool <poolname>
10. Create an attribute policy:
Syntax: attribute <attribute policynumber>
11. Enter settings for the IKE SA, including authentication method, authenti-
cation algorithm, encryption algorithm, Diffie-Hellman group, and IKE SA
lifetime:
Syntax: authentication [dss-sig | pre-share | rsa-sig]
Syntax: hash [md5 | sha]
Syntax: encryption [3des | aes-128-cbc | aes-192-cbc | aes-256-cbc | des]
Syntax: group [1 | 2]
Syntax: lifetime <seconds>
12. If so desired, repeat steps 11 and 12 to configure multiple attribute
policies. The router uses the policy with the lowest number first.
Virtual Private Networks
Quick Start
10-97