[RouterA-acl-adv-3101] quit
3. Configure an IPsec transform set:
# Create IPsec transform set transform_a.
[RouterA] ipsec transform-set transform_a
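# Configure the IPsec transform set to use the security protocol ESP, encryption algorithm DES,
and authentication algorithm SHA1. These algorithms are example values: DES is no longer
considered secure and SHA1 is deprecated, so in a production deployment select the strongest
encryption and authentication algorithms that both peers support.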
[RouterA-ipsec-transform-set-transform_a] transform esp
[RouterA-ipsec-transform-set-transform_a] esp encryption-algorithm des
[RouterA-ipsec-transform-set-transform_a] esp authentication-algorithm sha1
[RouterA-ipsec-transform-set-transform_a] quit
4. Configure an IKEv2 proposal:
# Create IKEv2 proposal proposal_a.
[RouterA] ikev2 proposal proposal_a
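# Configure the IKEv2 proposal to use the encryption algorithm AES-CBC-192, integrity
protection algorithm MD5, PRF algorithm MD5, and 1024-bit DH group (group 2). MD5 and the
1024-bit DH group are example values that are considered weak; in a production deployment
select the strongest integrity algorithm, PRF algorithm, and DH group that both peers support.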
[RouterA-proposal-proposal_a] encryption aes-cbc-192
[RouterA-proposal-proposal_a] integrity md5
[RouterA-proposal-proposal_a] prf md5
[RouterA-proposal-proposal_a] group 2
[RouterA-proposal-proposal_a] quit
5. Configure an IKEv2 policy:
# Create IKEv2 policy policy_a.
[RouterA] ikev2 policy policy_a
# Configure the IKEv2 policy to use IKEv2 proposal proposal_a.
[RouterA-policy-policy_a] proposal proposal_a
[RouterA-policy-policy_a] quit
6. Configure an IKEv2 profile:
# Create IKEv2 profile profile_a.
[RouterA] ikev2 profile profile_a
# Set both the local and remote authentication methods to RSA digital certificate.
[RouterA-profile-profile_a] authentication local rsa-sig
[RouterA-profile-profile_a] authentication remote rsa-sig
# Use the DN as the local identity information.
[RouterA-profile-profile_a] identity local dn
# Use local interface Ethernet 1/1 for IKEv2 policy matching.
[RouterA-profile-profile_a] match address local interface ethernet 1/1
# Use PKI domain domain_a for certificate signing and PKI domain domain_b for certificate
authentication.
[RouterA-profile-profile_a] pki domain domain_b verify
[RouterA-profile-profile_a] pki domain domain_a sign
[RouterA-profile-profile_a] quit
7. Configure an IPsec policy that uses IKEv2:
[RouterA] ipsec policy map 1 isakmp
[RouterA-ipsec-policy-isakmp-map1-1] encapsulation-mode tunnel
[RouterA-ipsec-policy-isakmp-map1-1] security acl 3101
[RouterA-ipsec-policy-isakmp-map1-1] ikev2 profile profile_a
[RouterA-ipsec-policy-isakmp-map1-1] remote-address 2.2.2.2