
HPE FlexNetwork MSR Series Comware 5 Security Configuration Guide

HPE FlexNetwork MSR Series
547 pages
# Configure the IPsec profile to reference the IPsec transform set method1.
[RouterB-ipsec-profile-btoa] transform-set method1
[RouterB-ipsec-profile-btoa] quit
# Create tunnel interface Tunnel 1. This interface will be used to protect the data flows between
Router B and Router A. As the public IP address of the remote peer is not known, you do not
need to configure the destination address on the tunnel interface.
[RouterB] interface tunnel 1
# Assign IPv4 address 10.1.1.2/24 to tunnel interface Tunnel 1.
[RouterB-Tunnel1] ip address 10.1.1.2 24
# Set the tunnel mode of tunnel interface Tunnel 1 to IPsec over IPv4.
[RouterB-Tunnel1] tunnel-protocol ipsec ipv4
# Set the source interface of the tunnel to Serial 2/1 on Tunnel 1.
[RouterB-Tunnel1] source serial 2/1
# Apply IPsec profile btoa to tunnel interface Tunnel 1.
[RouterB-Tunnel1] ipsec profile btoa
[RouterB-Tunnel1] quit
# Configure a static route to Router A.
[RouterB] ip route-static 172.17.17.0 255.255.255.0 tunnel 1
3. Verify the configuration:
After the configuration, IKE negotiation is triggered to set up SAs when Serial 2/1 on Router A
completes the dial-up process. If IKE negotiation is successful and SAs are set up, the IPsec
tunnel between Router A and Router B is up and protects the packets traveling
through it.
# Execute the display interface tunnel 1 brief command on Router B. The output shows that the
link status of the IPsec tunnel interface is up.
[RouterB] display interface tunnel 1 brief
Link: ADM - administratively down; Stby - standby
Protocol: (s) - spoofing
Interface            Link Protocol Main IP         Description
Tun1                 UP   UP       10.1.1.2
# Execute the display ike sa command on Router B. The output shows that the SAs of both
phases are established.
[RouterB] display ike sa
total phase-1 SAs: 1
connection-id  peer            flag        phase   doi
----------------------------------------------------------
1              1.1.1.2         RD          1       IPSEC
2              1.1.1.2         RD          2       IPSEC
flag meaning
RD--READY ST--STAYALIVE RL--REPLACED FD--FADING TO--TIMEOUT RK--REKEY
# You can also view the IPsec SA information.
[RouterB] display ipsec sa
===============================
Interface: Tunnel1
path MTU: 1443
===============================
-----------------------------
