• The remote IP address of the IPsec tunnel is required on an IKE negotiation initiator and is
optional on the responder. The remote IP address specified on the local end must be the same
as the local IP address specified on the remote end.
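The address rules above can be checked offline against saved configurations from both ends. The following Python sketch is an added example, not part of the original guide; the sample configurations and addresses are constructed, and it assumes the remote IP address is set with a `remote-address` command in IPsec policy view, which this section does not show.

```python
import ipaddress
import re

# Constructed sample configurations (not from the guide), using documentation
# address ranges. Assumption: `remote-address` is the policy-view command that
# sets the remote IP address of the IPsec tunnel.
DEVICE_A = """\
ipsec policy map1 10 isakmp
 security acl 3101
 local-address 192.0.2.1
 remote-address 198.51.100.1
"""
DEVICE_B = """\
ipsec policy use1 10 isakmp
 security acl 3101
 local-address 198.51.100.1
 remote-address 192.0.2.9
"""

HEADER = re.compile(r"^ipsec (?:ipv6-policy|policy) (\S+) (\d+) isakmp$")
KEYS = ("local-address", "remote-address")

def parse_policies(config):
    """Return {(policy-name, seq-number): {"local-address": ip, "remote-address": ip}}."""
    policies, current = {}, None
    for line in config.splitlines():
        m, words = HEADER.match(line), line.split()
        if m:
            key = (m.group(1), int(m.group(2)))
            current = policies.setdefault(key, dict.fromkeys(KEYS))
        elif not line.startswith(" "):
            current = None  # left the IPsec policy view
        elif current is not None and words and words[0] in KEYS:
            # The address is the last word; an "ipv6" keyword may precede it.
            current[words[0]] = ipaddress.ip_address(words[-1])
    return policies

def audit_pair(initiator, responder):
    """Apply the remote/local address rules to one pair of policy entries."""
    findings = []
    if initiator["remote-address"] is None:
        findings.append("initiator has no remote-address")
    for near, far, who in ((initiator, responder, "initiator"),
                           (responder, initiator, "responder")):
        remote, local = near["remote-address"], far["local-address"]
        # An unset local-address defaults to an interface address, unknown here.
        if remote is not None and local is not None and remote != local:
            findings.append(f"{who} remote-address {remote} != peer local-address {local}")
    return findings
```

With the constructed samples, the audit flags device B's remote address, which does not match device A's local address.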
For an IPsec SA established through IKE negotiation:
• The IPsec SA uses the local lifetime settings or those proposed by the peer, whichever are
smaller.
• The IPsec SA can have both a time-based lifetime and a traffic-based lifetime. The IPsec SA
expires when either lifetime expires.
Directly configuring an IKE-based IPsec policy
1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Create an IKE-based IPsec policy entry and enter its view.
   Command: ipsec { ipv6-policy | policy } policy-name seq-number isakmp
   Remarks: By default, no IPsec policy exists.
3. (Optional.) Configure a description for the IPsec policy.
   Command: description text
   Remarks: By default, no description is configured.
4. Specify an ACL for the IPsec policy.
   Command: security acl [ ipv6 ] { acl-number | name acl-name } [ aggregation | per-host ]
   Remarks: By default, no ACL is specified for an IPsec policy. You can specify only one ACL for an IPsec policy.
5. Specify IPsec transform sets for the IPsec policy.
   Command: transform-set transform-set-name&<1-6>
   Remarks: By default, no IPsec transform set is specified for an IPsec policy.
6. Specify an IKE profile for the IPsec policy.
   Command: ike-profile profile-name
   Remarks: By default, no IKE profile is specified for an IPsec policy, and the device selects an IKE profile configured in system view for negotiation. If no IKE profile is configured, the globally configured IKE settings are used. You can specify only one IKE profile for an IPsec policy. The IKE profile cannot be used by another IPsec policy or IPsec policy template. For more information about IKE profiles, see "Configuring IKE."
7. Specify an IKEv2 profile for the IPsec policy.
   Command: ikev2-profile profile-name
   Remarks: The ikev2-profile command is available in Release 1121 and later. By default, no IKEv2 profile is specified for an IPsec policy. You can specify only one IKEv2 profile for an IPsec policy. For more information about IKEv2 profiles, see "Configuring IKEv2."
8. Specify the local IP address of the IPsec tunnel.
   Command: local-address { ipv4-address | ipv6 ipv6-address }
   Remarks: By default, the local IPv4 address of the IPsec tunnel is the primary IPv4 address of the interface to which the IPsec policy is applied, and the local IPv6 address of the IPsec tunnel is the first IPv6