HP ProCurve Secure Router 7203 dl Advanced Management And Configuration Manual page 429

Virtual Private Networks
Configuring a VPN Using IPSec
To create a crypto map entry, enter the following command from the global
configuration mode context:
Syntax: crypto map <mapname> <map index> [ipsec-ike | ipsec-manual]
The mapname is an alphanumeric string. You can configure a set of crypto
map entries that have the same name but different map indexes, which you
apply together to an interface. This is how, for example, you would configure
a VPN to multiple sites.
The map index is a number between 0 and 65,535 that indicates to the
ProCurve Secure Router in what order to process entries.
The ipsec-manual keyword allows you to enter keys manually rather than
have IKE generate them automatically. This option is less secure and more
complicated to configure. (For more instructions, see "Configuring a VPN
using IPSec with Manual Keying" on page 8-64.)
To configure a crypto map entry that uses IKE, you would enter, for example:
ProCurve(config)# crypto map VPN 0 ipsec-ike
After creating the crypto map entry, you will enter the crypto map configura-
tion mode:
ProCurve(config-crypto-map)#
Peer's Remote ID. You must set one and only one peer ID.
In a site-to-site VPN, the peer's remote ID is the ID of the gateway device for
the remote networks. Unlike the remote ID configured in the remote ID list,
this must be an IP address—the WAN interface that connects to the Internet
on the remote router.
The router uses the peer ID in the crypto map to select an IKE policy for
communicating with the peer. (In other words, the peer ID in the crypto map
entry must match the peer ID in the IKE policy used to establish the IKE SA.)
Use the following command to set the peer's ID:
Syntax: set peer <A.B.C.D>
For example:
ProCurve(config-crypto-map)# set peer 10.2.2.1
8-43