
HPE FlexNetwork 5510 HI Series Security Configuration Guide

Step 1. Enter system view.
  Command: system-view
  Remarks: N/A

Step 2. Create an IKE profile and enter its view.
  Command: ike profile profile-name
  Remarks: By default, no IKE profile is configured.

Step 3. Configure a peer ID.
  Command: match remote { certificate policy-name | identity { address { { ipv4-address [ mask | mask-length ] | range low-ipv4-address high-ipv4-address } | ipv6 { ipv6-address [ prefix-length ] | range low-ipv6-address high-ipv6-address } } [ vpn-instance vpn-name ] | fqdn fqdn-name | user-fqdn user-fqdn-name } }
  Remarks: By default, an IKE profile has no peer ID. Each of the two peers must have at least one peer ID configured.

Step 4. Specify the keychain for pre-shared key authentication or the PKI domain used to request a certificate for digital signature authentication.
  Command:
    • To specify the keychain for pre-shared key authentication:
      keychain keychain-name
    • To specify the PKI domain used to request a certificate for digital signature authentication:
      certificate domain domain-name
  Remarks: Configure at least one command as required. By default, no IKE keychain or PKI domain is specified for an IKE profile.

Step 5. Specify the IKE negotiation mode for phase 1.
  Command:
    • In non-FIPS mode:
      exchange-mode { aggressive | main }
    • In FIPS mode:
      exchange-mode main
  Remarks: By default, the main mode is used during IKE negotiation phase 1.

Step 6. Specify IKE proposals for the IKE profile.
  Command: proposal proposal-number&<1-6>
  Remarks: By default, no IKE proposals are specified for an IKE profile and the IKE proposals configured in system view are used for IKE negotiation.

Step 7. Configure the local ID.
  Command: local-identity { address { ipv4-address | ipv6 ipv6-address } | dn | fqdn [ fqdn-name ] | user-fqdn [ user-fqdn-name ] }
  Remarks: By default, no local ID is configured for an IKE profile, and an IKE profile uses the local ID configured in system view. If the local ID is not configured in system view, the IKE profile uses the IP address of the interface to which the IPsec policy or IPsec policy template is applied as the local ID.

Step 8. (Optional.) Configure IKE DPD.
  Command: dpd interval interval-seconds [ retry seconds ] { on-demand | periodic }
  Remarks: By default, the IKE DPD feature is not configured for an IKE profile and an IKE profile uses the DPD settings configured in system view. If the IKE DPD feature is not configured in system view either, the device does not perform dead IKE peer detection.

Step 9. (Optional.) Specify the local interface or IP address to which the IKE profile can be applied.
  Command: match local address { interface-type interface-number | { ipv4-address | ipv6 ipv6-address } [ vpn-instance vpn-name ] }
  Remarks: By default, an IKE profile can be applied to any local interface or IP address.
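
The following is an added example, not part of the HPE guide: a small Python audit that checks saved IKE profile blocks against the requirements and defaults listed in the table above. The profile names, keychain name, address, the running-config-style indentation and the function names are all constructed for illustration.

```python
import re

# Constructed sample in running-config style; names and addresses are made up.
SAMPLE = """\
ike profile branch1
 keychain kc-branch
 exchange-mode aggressive
 proposal 10 20
 match remote identity address 192.0.2.10 255.255.255.255
 dpd interval 10 retry 5 on-demand
ike profile branch2
 exchange-mode main
 proposal 1 2 3 4 5 6 7
"""

def parse_profiles(text):
    """Return {profile-name: [commands]} for each top-level 'ike profile' block."""
    profiles, current = {}, None
    for raw in text.splitlines():
        if not raw.strip():
            continue
        indented = raw[:1].isspace()
        m = re.fullmatch(r"ike profile (\S+)", raw.strip())
        if m and not indented:
            current = profiles.setdefault(m.group(1), [])
        elif indented and current is not None:
            current.append(raw.strip())
        else:
            current = None  # any other top-level command ends the block
    return profiles

def audit_profile(cmds, fips=False):
    """Check one profile against the rules in steps 3, 4, 5, 6 and 8."""
    findings = []
    if not any(c.startswith("match remote ") for c in cmds):
        findings.append("no peer ID (match remote)")
    if not any(c.startswith(("keychain ", "certificate domain ")) for c in cmds):
        findings.append("no keychain or PKI domain")
    if fips and "exchange-mode aggressive" in cmds:
        findings.append("aggressive mode is not available in FIPS mode")
    for c in cmds:
        if c.startswith("proposal ") and len(c.split()) - 1 > 6:
            findings.append("more than 6 IKE proposals")
    if not any(c.startswith("dpd interval ") for c in cmds):
        findings.append("no profile-level DPD; system-view DPD settings apply")
    return findings

def audit(text, fips=False):
    return {n: audit_profile(c, fips) for n, c in parse_profiles(text).items()}
```

Calling `audit(SAMPLE, fips=True)` reports the aggressive-mode setting on `branch1` and the missing peer ID, missing authentication source, oversized proposal list and absent DPD on `branch2`.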
