EasyManuals Logo

HPE FlexNetwork MSR Series Comware 5 Security Configuration Guide

HPE FlexNetwork MSR Series
547 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #211 background imageLoading...
Page #211 background image
198
[RouterA-ipsec-policy-isakmp-map1-10] ike-peer peer
# Enable dynamic IPsec RRI and use 1.1.1.2 as the next hop of the static route.
[RouterA-ipsec-policy-isakmp-map1-10] reverse-route remote-peer 1.1.1.2
[RouterA-ipsec-policy-isakmp-map1-10] quit
# Apply IPsec policy map1 to interface Ethernet 1/1.
[RouterA] interface ethernet 1/1
[RouterA-Ethernet1/1] ipsec policy map1
[RouterA-Ethernet1/1] quit
3. Configure Router B:
# Configure ACL 3101 to identify traffic from subnet 10.5.5.0/24 to subnet 10.4.4.0/24.
<RouterB> system-view
[RouterB] acl number 3101
[RouterB-acl-adv-3101] rule permit ip source 10.5.5.0 0.0.0.255 destination 10.4.4.0
0.0.0.255
[RouterB-acl-adv-3101] quit
# Configure a static route to subnet 10.4.4.0/24.
[RouterB] ip route-static 10.4.4.0 255.255.255.0 1.1.1.1
# Create IPsec transform set tran1.
[RouterB] ipsec transform-set tran1
# Set the packet encapsulation mode to tunnel.
[RouterB-ipsec-transform-set-tran1] encapsulation-mode tunnel
# Use ESP as the security protocol.
[RouterB-ipsec-transform-set-tran1] transform esp
# Use DES as the encryption algorithm and SHA1-HMAC-96 as the authentication algorithm.
[RouterB-ipsec-transform-set-tran1] esp encryption-algorithm des
[RouterB-ipsec-transform-set-tran1] esp authentication-algorithm sha1
[RouterB-ipsec-transform-set-tran1] quit
# Create IKE peer peer.
[RouterB] ike peer peer
# Set the pre-shared key.
[RouterB-ike-peer-peer] pre-shared-key abcde
# Specify the IP address of the peer security gateway.
[RouterB-ike-peer-peer] remote-address 1.1.1.1
[RouterB-ike-peer-peer] quit
# Create an IPsec policy that uses IKE.
[RouterB] ipsec policy use1 10 isakmp
# Reference ACL 3101 to identify the protected traffic.
[RouterB-ipsec-policy-isakmp-use1-10] security acl 3101
# Reference IPsec transform set tran1.
[RouterB-ipsec-policy-isakmp-use1-10] transform-set tran1
# Reference IKE peer peer.
[RouterB-ipsec-policy-isakmp-use1-10] ike-peer peer
[RouterB-ipsec-policy-isakmp-use1-10] quit
# Apply IPsec policy use1 to interface Ethernet 1/1.
[RouterB] interface ethernet 1/1
[RouterB-Ethernet1/1] ipsec policy use1
4. Verify the configuration:

Table of Contents

Other manuals for HPE FlexNetwork MSR Series

Preview: Configuration Guide
Configuration Guide861 pages
Preview: Comware 7 Layer 3 - Ip Services Configuration Guides
Comware 7 Layer 3 - Ip Services Configuration Guides554 pages
Preview: Guide
Guide213 pages
Preview: Command Reference
Command Reference120 pages
Preview: Comware 5 Layer 2 - Wan Access Configuration Guide
Comware 5 Layer 2 - Wan Access Configuration Guide420 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the HPE FlexNetwork MSR Series and is the answer not in the manual?

HPE FlexNetwork MSR Series Specifications

General IconGeneral
BrandHPE
ModelFlexNetwork MSR Series
CategoryNetwork Router
LanguageEnglish

Related product manuals