EasyManuals Logo
Home>HPE>Network Router>FlexNetwork MSR Series

HPE FlexNetwork MSR Series Comware 5 Security Configuration Guide

HPE FlexNetwork MSR Series
547 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #240 background imageLoading...
Page #240 background image
227
Step Command Remarks
13. Specify the local
address pool.
{
ip-pool
|
ipv6-pool
} pool-name
Optional.
By default, an IKEv2 profile
references no address pool.
14. Specify a mask length
or prefix length for the
address pool.
{
ip-mask
mask-length |
ipv6-mask
prefix-length }
Optional.
By default, the mask length of a local
IPv4 address pool referenced by an
IKEv2 profile is 32, and the prefix
length of a local IPv6 address pool
referenced by an IKEv2 profile is
128.
Displaying and maintaining IKEv2
Task Command Remarks
Display IKEv2 profile
configuration information.
display ikev2 profile
[ profile-name] [
|
{
begin
|
exclude
|
include
}
regular-expression ]
Available in any view.
Display IKEv2 policy
configuration information.
display ikev2 policy
[ policy-name |
default
] [
|
{
begin
|
exclude
|
include
}
regular-expression ]
Available in any view.
Display the current IKEv2 SA
information.
display ikev2 sa
[ {
local
|
remote
}
{ ipv4-address |
ipv6
ipv6-address } ]
[
verbose
] [
|
{
begin
|
exclude
|
include
}
regular-expression ]
Available in any view.
Display the IKEv2 proposal
configuration information.
display ikev2 proposal
[ proposal-name
|
default
]
[
|
{
begin
|
exclude
|
include
}
regular-expression ]
Available in any view.
Display IKEv2 negotiation
statistics.
display ikev2 statistics
[
|
{
begin
|
exclude
|
include
} regular-expression ]
Available in any view.
Reset IKEv2 negotiation
statistics.
reset ikev2 statistics
Available in user view.
Delete IKEv2 SAs and the IPsec
SAs negotiated by them.
reset ikev2 sa
[ {
local-address
|
remote-address
} { ipv4-address |
ipv6
ipv6-address } ]
Available in user view.
IKEv2 configuration examples
Configuring IKEv2 pre-shared key authentication
Network requirements
An IPsec tunnel is required between Router A and Router B to protect the traffic between subnet
10.1.1.0/24 and subnet 10.1.2.0/24. The specific requirements are as follows:
• Use IKEv2 to dynamically negotiate keys and establish and maintain IPsec SAs.
• Configure IKEv2 to use the encryption algorithm AES-CBC-192, integrity protection algorithm
MD5, PRF algorithm MD5, and 1024-bit DH group.
• Set both the local and remote authentication methods to pre-shared key.

Table of Contents

Other manuals for HPE FlexNetwork MSR Series

Preview: Configuration Guide
Configuration Guide861 pages
Preview: Comware 7 Layer 3 - Ip Services Configuration Guides
Comware 7 Layer 3 - Ip Services Configuration Guides554 pages
Preview: Guide
Guide213 pages
Preview: Command Reference
Command Reference120 pages
Preview: Comware 5 Layer 2 - Wan Access Configuration Guide
Comware 5 Layer 2 - Wan Access Configuration Guide420 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the HPE FlexNetwork MSR Series and is the answer not in the manual?

HPE FlexNetwork MSR Series Specifications

General IconGeneral
BrandHPE
ModelFlexNetwork MSR Series
CategoryNetwork Router
LanguageEnglish

Related product manuals