# Create IKEv2 keyring keyring_a.
[RouterA] ikev2 keyring keyring_a
# Create IKEv2 peer peer_a.
[RouterA-keyring-keyring_a] peer peer_a
# Configure the address range 2.2.2.2/16 for the peer.
[RouterA-keyring-keyring_a-peer-peer_a] address 2.2.2.2 16
# Use the plain text key 123 for both certificate signing and certificate authentication.
[RouterA-keyring-keyring_a-peer-peer_a] pre-shared-key simple 123
[RouterA-keyring-keyring_a-peer-peer_a] quit
[RouterA-keyring-keyring_a] quit
6. Configure an IKEv2 profile:
# Create IKEv2 profile profile_a.
[RouterA] ikev2 profile profile_a
# Set both the local and remote authentication methods to pre-shared key.
[RouterA-profile-profile_a] authentication local pre-share
[RouterA-profile-profile_a] authentication remote pre-share
# Use the FQDN router_a as the local identity information.
[RouterA-profile-profile_a] identity local fqdn router_a
# Use the keyring keyring_a.
[RouterA-profile-profile_a] keyring keyring_a
# Use remote FQDN router_b for IKEv2 profile matching.
[RouterA-profile-profile_a] match identity remote fqdn router_b
[RouterA-profile-profile_a] quit
7. Configure an IPsec policy that uses IKEv2.
[RouterA] ipsec policy map 1 isakmp
[RouterA-ipsec-policy-isakmp-map1-1] encapsulation-mode tunnel
[RouterA-ipsec-policy-isakmp-map1-1] security acl 3101
[RouterA-ipsec-policy-isakmp-map1-1] ikev2 profile profile_a
[RouterA-ipsec-policy-isakmp-map1-1] remote-address 2.2.2.2
[RouterA-ipsec-policy-isakmp-map1-1] local-address 1.1.1.1
[RouterA-ipsec-policy-isakmp-map1-1] transform-set transform_a
[RouterA-ipsec-policy-isakmp-map1-1] quit
8. Assign an IP address to interface Ethernet 1/2.
[RouterA] interface ethernet 1/2
[RouterA-Ethernet1/2] ip address 10.1.1.1 255.255.255.0
[RouterA-Ethernet1/2] quit
9. Assign an IP address to interface Ethernet 1/1.
[RouterA] interface ethernet 1/1
[RouterA-Ethernet1/1] ip address 1.1.1.1 255.255.0.0
10. Apply the IPsec policy group on interface Ethernet 1/1.
[RouterA-Ethernet1/1] ipsec policy map
[RouterA-Ethernet1/1] quit
11. Configure a static route to subnet 10.1.2.0/24.
[RouterA] ip route-static 10.1.2.0 255.255.255.0 2.2.2.2
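The following audit script is an added example, not part of the original configuration guide or the vendor's tooling. It parses a prompt-style transcript like the Router A steps above, flags a pre-shared key entered in simple (plain text) form or shorter than a threshold, and checks that every keyring, IKEv2 profile and IPsec policy referenced from another view was created in system view. The function name audit, the finding codes, the sysname default RouterA and the 20-character minimum are assumptions chosen for illustration.

```python
import re

# Constructed sample: a subset of the Router A commands from the steps above.
TRANSCRIPT = """\
[RouterA] ikev2 keyring keyring_a
[RouterA-keyring-keyring_a] peer peer_a
[RouterA-keyring-keyring_a-peer-peer_a] address 2.2.2.2 16
[RouterA-keyring-keyring_a-peer-peer_a] pre-shared-key simple 123
[RouterA] ikev2 profile profile_a
[RouterA-profile-profile_a] authentication local pre-share
[RouterA-profile-profile_a] keyring keyring_a
[RouterA] ipsec policy map 1 isakmp
[RouterA-ipsec-policy-isakmp-map1-1] ikev2 profile profile_a
[RouterA] interface ethernet 1/1
[RouterA-Ethernet1/1] ipsec policy map
"""

PROMPT = re.compile(r"^\[([^\]]+)\]\s+(\S.*)$")
OBJECTS = (["ikev2", "keyring"], ["ikev2", "profile"], ["ipsec", "policy"])

def audit(transcript, sysname="RouterA", min_psk_len=20):
    """Return sorted (code, detail) findings; sysname and min_psk_len are assumptions."""
    defined = {"keyring": set(), "profile": set(), "policy": set()}
    refs, findings = [], set()
    for raw in transcript.splitlines():
        m = PROMPT.match(raw.strip())
        if not m:
            continue  # step text and "#" comment lines carry no command
        view, cmd = m.group(1), m.group(2).split()
        system_view = view == sysname
        if cmd[0] == "pre-shared-key" and "simple" in cmd[:-1]:
            key = cmd[cmd.index("simple") + 1]
            findings.add(("PSK_PLAINTEXT", view))  # report the view, never the key
            if len(key) < min_psk_len:
                findings.add(("PSK_SHORT", f"{view}: {len(key)} chars"))
        elif len(cmd) >= 3 and cmd[:2] in OBJECTS:
            kind = "policy" if cmd[0] == "ipsec" else cmd[1]
            if system_view:
                defined[kind].add(cmd[2])  # object created in system view
            else:
                refs.append((kind, cmd[2], view))  # object used from another view
        elif len(cmd) == 2 and cmd[0] == "keyring" and not system_view:
            refs.append(("keyring", cmd[1], view))
    for kind, name, view in refs:  # resolve last, so definition order is irrelevant
        if name not in defined[kind]:
            findings.add(("DANGLING_REF", f"{view}: {kind} {name}"))
    return sorted(findings)

if __name__ == "__main__":
    for code, detail in audit(TRANSCRIPT):
        print(code, detail)
```

Run against the sample, the script reports the key 123 from step 5 as both plain text and too short, and reports no dangling references.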
Configure the security gateway Router B
1. Configure an ACL: