# Configure ACL 3101 to identify traffic from subnet 10.1.2.0/24 to subnet 10.1.1.0/24.
<RouterB> system-view
[RouterB] acl number 3101
[RouterB-acl-adv-3101] rule permit ip source 10.1.2.0 0.0.0.255 destination 10.1.1.0 0.0.0.255
[RouterB-acl-adv-3101] quit
2. Configure an IPsec transform set:
# Create IPsec transform set transform_b.
[RouterB] ipsec transform-set transform_b
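# Configure the IPsec transform set to use the security protocol ESP, encryption algorithm DES,
and authentication algorithm SHA1. DES (56-bit key) and SHA1 are legacy algorithms, used here
as example values. Where both peers support them, select an AES encryption algorithm and a
SHA-2 authentication algorithm, and configure the same choice on the peer.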
[RouterB-ipsec-transform-set-transform_b] transform esp
[RouterB-ipsec-transform-set-transform_b] esp encryption-algorithm des
[RouterB-ipsec-transform-set-transform_b] esp authentication-algorithm sha1
[RouterB-ipsec-transform-set-transform_b] quit
3. Configure an IKEv2 proposal:
# Create IKEv2 proposal proposal_b.
[RouterB] ikev2 proposal proposal_b
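# Configure the IKEv2 proposal to use the encryption algorithm AES-CBC-192, integrity
protection algorithm MD5, PRF algorithm MD5, and 1024-bit DH group (group 2). MD5 and the
1024-bit DH group are the weakest parts of this proposal, because the DH group bounds the
strength of the keys derived for the SA regardless of the AES key length. Where both peers
support them, use a SHA-2 integrity and PRF algorithm and a DH group of at least 2048 bits.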
[RouterB-proposal-proposal_b] encryption aes-cbc-192
[RouterB-proposal-proposal_b] integrity md5
[RouterB-proposal-proposal_b] prf md5
[RouterB-proposal-proposal_b] group 2
[RouterB-proposal-proposal_b] quit
4. Configure an IKEv2 policy:
# Create IKEv2 policy policy_b.
[RouterB] ikev2 policy policy_b
# Configure the IKEv2 policy to use IKEv2 proposal proposal_b.
[RouterB-policy-policy_b] proposal proposal_b
[RouterB-policy-policy_b] quit
5. Configure an IKEv2 keyring:
# Create IKEv2 keyring keyring_b.
[RouterB] ikev2 keyring keyring_b
# Create IKEv2 peer peer_b.
[RouterB-keyring-keyring_b] peer peer_b
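# Configure the address range 1.1.1.1/16 for the peer. Any host whose address falls in this
/16 range matches the peer entry and uses the key configured for it; specify the peer's exact
address when it is known.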
[RouterB-keyring-keyring_b-peer-peer_b] address 1.1.1.1 16
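# Use the plain text key 123 for both certificate signing and certificate authentication.
(The command sets an IKEv2 pre-shared key, which is the authentication method selected in
step 6; no certificate is configured in this example. The value 123 is an example only, and
the keyword simple means the key is entered in plain text. A deployment needs a long, random
key that is unique to the peer.)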
[RouterB-keyring-keyring_b-peer-peer_b] pre-shared-key simple 123
[RouterB-keyring-keyring_b-peer-peer_b] quit
[RouterB-keyring-keyring_b] quit
6. Configure an IKEv2 profile:
# Create IKEv2 profile profile_b.
[RouterB] ikev2 profile profile_b
# Set both the local and remote authentication methods to pre-shared key.
[RouterB-profile-profile_b] authentication local pre-share