• The IPsec tunnel interfaces of the IPsec tunnel are configured with proper IPsec profiles.
• The expected IKE SA and IPsec SAs are established between the local security gateway and
the peer gateway. Use the display ike sa command to view the status of the IKE SA and the
IPsec SAs.
To configure an IPsec tunnel interface:
| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Create a tunnel interface and enter its view. | interface tunnel number | By default, no tunnel interface exists on the device. |
| 3. Assign a private IPv4 address to the tunnel interface. | ip address ip-address { mask \| mask-length } [ sub ] | By default, no private IPv4 address is assigned to a tunnel interface. |
| 4. Set the tunnel mode of the tunnel interface to IPsec over IPv4. | tunnel-protocol ipsec ipv4 | N/A |
| 5. Specify the source address or interface of the tunnel interface. | source { ip-address \| interface-type interface-number } | By default, no source address or interface is specified for a tunnel interface. If you specify an interface, the tunnel interface will take the primary IP address of the source interface. |
| 6. Specify the destination address of the tunnel interface. | destination ip-address | Optional for an IKE negotiation responder, and required for an IKE negotiation initiator. By default, no tunnel destination address is configured. |
| 7. Apply an IPsec profile to the tunnel interface. | ipsec profile profile-name | The IPsec profile must have been created and have not been applied to any DVPN tunnel interface. |
For more information about the interface tunnel, tunnel-protocol, source, and destination commands,
see HPE FlexNetwork MSR Router Series Comware 5 Layer 3—IP Services Commands Reference.
An IPsec profile cannot be applied to both an IPsec tunnel interface and a DVPN tunnel interface
simultaneously.
An IPsec tunnel interface can reference only one IPsec profile.
Apply an IPsec profile to only one IPsec tunnel interface. Although an IPsec profile can be applied to
multiple IPsec tunnel interfaces, it takes effect only on the IPsec tunnel interface that goes up first.
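The following Python check is an added example, not part of the HPE guide: it reads a saved configuration and reports IPsec tunnel interfaces that skip a step of the procedure above, and IPsec profiles applied to more than one tunnel interface. The function names, the sample addresses and profile name, and the configuration-file layout it parses are assumptions.

```python
import re

# Constructed sample; assumed saved-configuration layout (one-space indent, "#" separators).
SAMPLE = """\
interface Tunnel0
 ip address 10.1.1.1 255.255.255.0
 tunnel-protocol ipsec ipv4
 source 192.0.2.1
 destination 198.51.100.1
 ipsec profile branch
#
interface Tunnel1
 ip address 10.1.2.1 255.255.255.0
 tunnel-protocol ipsec ipv4
 ipsec profile branch
"""

def parse_tunnels(text):
    """Map each tunnel interface name to the list of commands under it."""
    tunnels, current = {}, None
    for line in text.splitlines():
        m = re.match(r"interface (Tunnel\d+)\s*$", line)
        if m or not line.startswith(" "):  # a new section, "#", or a top-level line
            current = tunnels.setdefault(m.group(1), []) if m else None
        elif current is not None:
            current.append(line.strip())
    return tunnels

def arg(cmds, prefix):
    """Argument of the first command that starts with prefix, else None."""
    return next((c[len(prefix):].strip() for c in cmds if c.startswith(prefix + " ")), None)

def audit(text):
    findings, users = [], {}
    for name, cmds in parse_tunnels(text).items():
        if (p := arg(cmds, "ipsec profile")):
            users.setdefault(p, []).append(name)  # counted for every tunnel type
        if arg(cmds, "tunnel-protocol") != "ipsec ipv4":
            continue  # steps 3 to 7 are checked on IPsec tunnel interfaces only
        for prefix in ("ip address", "source", "ipsec profile"):
            if arg(cmds, prefix) is None:
                findings.append(f"{name}: missing '{prefix}'")
        if arg(cmds, "destination") is None:
            findings.append(f"{name}: no destination, cannot initiate IKE")
    findings += [f"profile {p}: applied to {', '.join(n)}" for p, n in users.items() if len(n) > 1]
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```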
Enabling packet information pre-extraction on the IPsec tunnel interface
Because packets that an IPsec tunnel interface passes to a physical interface are encapsulated, the
QoS module cannot obtain the 5-tuple (source IP, destination IP, source port, destination port, and
protocol) of the original packets. To address this problem, enable packet information pre-extraction
on the tunnel interface.