EasyManuals Logo

HPE FlexNetwork MSR Series Comware 5 Security Configuration Guide

HPE FlexNetwork MSR Series
547 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #198 background imageLoading...
Page #198 background image
185
[RouterB-ipsec-transform-set-tran1] quit
# Configure the IKE peer.
[RouterB] ike peer peer
[RouterB-ike-peer-peer] pre-shared-key abcde
[RouterB-ike-peer-peer] remote-address 2.2.2.1
[RouterB-ike-peer-peer] quit
# Create an IPsec policy that uses IKE for IPsec SA negotiation.
[RouterB] ipsec policy use1 10 isakmp
# Apply the ACL.
[RouterB-ipsec-policy-isakmp-use1-10] security acl 3101
# Apply the IPsec transform set.
[RouterB-ipsec-policy-isakmp-use1-10] transform-set tran1
# Apply the IKE peer.
[RouterB-ipsec-policy-isakmp-use1-10] ike-peer peer
[RouterB-ipsec-policy-isakmp-use1-10] quit
# Configure the IP address of the serial interface.
[RouterB] interface serial 2/2
[RouterB-Serial2/2] ip address 2.2.3.1 255.255.255.0
# Apply the policy group to the interface.
[RouterB-Serial2/2] ipsec policy use1
[RouterB-Serial2/2] quit
# Enter encryption card interface view.
[RouterA] interface encrypt 5/2
# Bind the IPsec policy to the card and specify the card as the primary.
[RouterA-Encrypt5/2] ipsec binding policy use1 10 primary
[RouterA-Encrypt5/2] quit
# Enable the encryption engine.
[RouterA] cryptoengine enable
# Enable the IPsec module backup function.
[RouterA] ipsec cpu-backup enable
3. Verify the configuration:
After the configuration, IKE negotiation will be triggered to set up SAs when there is traffic
between subnet 10.1.1.0/24 and subnet 10.1.2.0/24. If IKE negotiation is successful and SAs
are set up, the traffic between the two subnets will be IPsec protected through the encryption
card.
Configuring IPsec interface backup
Network requirements
As shown in Figure 60, configure two IPsec tunnels operating in backup mode between Router A and
Router B to protect data flows between subnet 10.1.1.0/24 and subnet 10.1.2.0/24.
Configure the two tunnels to use the security protocol ESP, the encryption algorithm DES, and the
authentication algorithm SHA1-HMAC-96. Use IKE for IPsec SA negotiation. Configure a shared
source interface policy group to achieve smooth traffic switchover between the two interfaces.

Table of Contents

Other manuals for HPE FlexNetwork MSR Series

Preview: Configuration Guide
Configuration Guide861 pages
Preview: Comware 7 Layer 3 - Ip Services Configuration Guides
Comware 7 Layer 3 - Ip Services Configuration Guides554 pages
Preview: Guide
Guide213 pages
Preview: Command Reference
Command Reference120 pages
Preview: Comware 5 Layer 2 - Wan Access Configuration Guide
Comware 5 Layer 2 - Wan Access Configuration Guide420 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the HPE FlexNetwork MSR Series and is the answer not in the manual?

HPE FlexNetwork MSR Series Specifications

General IconGeneral
BrandHPE
ModelFlexNetwork MSR Series
CategoryNetwork Router
LanguageEnglish

Related product manuals