Configuration Tasks; Enabling Crypto Commands; Configuring Ike Policies - HP ProCurve Secure Router 7203 dl Advanced Management And Configuration Manual

Configuration Tasks

In order to configure a VPN connect using IKE, you must:
enable crypto commands
configure an IKE policy
configure an IKE attribute policy
add an entry for the peer in a remote ID list
configure a transform set
specify VPN traffic in an ACL
configure a crypto map entry
apply the crypto map to an interface
If you are using preshared keys, you must also associate a peer with its
preshared key in the remote ID list.
If you are using digital certificates, you must load a CA and a self certificate
into the Secure Router OS.
If you are configuring a client-to-site VPN, you must also configure an IKE
mode config pool. You can optionally enable Xauth.

Enabling Crypto Commands

After you install the IPSec VPN module, enter the following command from
the global configuration mode context:
ProCurve(config)# ip crypto
This command enables the crypto commands, which you use to configure
the VPN.
For the greatest security and ease of management, you should configure IKE
to manage peer authentication, key exchange, and negotiation of the VPN
tunnel.

Configuring IKE Policies

The IKE policy defines how an IKE SA with a specific peer will be negotiated.
The settings you must configure in an IKE policy include:
the peer's ID
an attribute policy
Virtual Private Networks
Configuring a VPN Using IPSec
8-23