HP ProCurve Secure Router 7203 dl Advanced Management And Configuration Manual page 483

6. Create an IKE policy:
Syntax: crypto ike policy <IKE policynumber>
For example:
ProCurve(config)# crypto ike policy 10
7. Prevent the router from initiating IKE:
ProCurve(config-crypto-ike)# no initiate
8. Set the peer ID:
ProCurve(config-crypto-ike)# peer any
9. Apply the IKE client pool to the IKE policy:
Syntax: client configuration pool <poolname>
10. Create an attribute policy:
Syntax: attribute <attribute policynumber>
11. Enter settings for the IKE SA, including authentication method, authenti-
cation algorithm, encryption algorithm, Diffie-Hellman group, and IKE SA
lifetime:
Syntax: authentication [dss-sig | pre-share | rsa-sig]
Syntax: hash [md5 | sha]
Syntax: encryption [3des | aes-128-cbc | aes-192-cbc | aes-256-cbc | des]
Syntax: group [1 | 2]
Syntax: lifetime <seconds>
12. If so desired, repeat steps 11 and 12 to configure multiple attribute
policies. The router uses the policy with the lowest number first.
13. If so desired, configure another IKE policy to connect to a remote site.
(See "Configuring a Site-to-Site VPN" on page 8-90.)
14. Exit to the global configuration mode and configure algorithms for the
IPSec SA in a transform set:
• AH protocol:
Syntax: crypto ipsec transform-set <setname> [ah-md5-hmac | ah-sha-
hmac]
• ESP protocol:
Syntax: crypto ipsec transform-set <setname> [esp-des | esp-3des | esp-
aes-128-cbc | esp-aes-192-cbc | esp-aes-256-cbc | esp-null] [esp-md5-
hmac | esp-sha-hmac]
Virtual Private Networks
Quick Start
8-97