[RouterA-ipsec-policy-isakmp-map1-1] local-address 1.1.1.1
[RouterA-ipsec-policy-isakmp-map1-1] transform-set transform_a
[RouterA-ipsec-policy-isakmp-map1-1] quit
8. Assign an IP address to interface Ethernet 1/2.
[RouterA] interface ethernet 1/2
[RouterA-Ethernet1/2] ip address 10.1.1.1 255.255.255.0
[RouterA-Ethernet1/2] quit
9. Assign an IP address to interface Ethernet 1/1.
[RouterA] interface ethernet 1/1
[RouterA-Ethernet1/1] ip address 1.1.1.1 255.255.0.0
10. Apply the IPsec policy group on interface Ethernet 1/1.
[RouterA-Ethernet1/1] ipsec policy map1
[RouterA-Ethernet1/1] quit
11. Configure a static route to subnet 10.1.2.0/24.
[RouterA] ip route-static 10.1.2.0 255.255.255.0 2.2.2.2
Configuring the security gateway Router B
1. Configure PKI:
# Create PKI entity entity_a.
<RouterB> system-view
[RouterB] pki entity entity_a
[RouterB-pki-entity-entity_a] quit
# Configure PKI domain domain_a, the PKI domain used for certificate authentication.
[RouterB] pki domain domain_a
[RouterB-pki-domain-domain_a] certificate request entity entity_a
[RouterB-pki-domain-domain_a] crl check disable
[RouterB-pki-domain-domain_a] quit
# Import the CA certificate for certificate signing in offline mode.
[RouterB] pki import-certificate ca domain domain_a der filename aaa_ca.crt
Is the finger print correct?(Y/N):y
# Create PKI entity entity_b.
[RouterB] pki entity entity_b
[RouterB-pki-entity-entity_b] quit
# Configure PKI domain domain_b, the PKI domain used for certificate signing.
[RouterB] pki domain domain_b
[RouterB-pki-domain-domain_b] certificate request entity entity_b
[RouterB-pki-domain-domain_b] crl check disable
[RouterB-pki-domain-domain_b] quit
# Import the CA certificate for certificate signing in offline mode.
[RouterB] pki import-certificate ca domain domain_b der filename bbb_ca.crt
Is the finger print correct?(Y/N):y
# Import the local certificate in offline mode.
[RouterB] pki import-certificate local domain domain_b p12 filename hw002.pfx
2. Configure ACL 3101 to identify traffic from subnet 10.1.2.0/24 to subnet 10.1.1.0/24.
[RouterB] acl number 3101
[RouterB-acl-adv-3101] rule permit ip source 10.1.2.0 0.0.0.255 destination 10.1.1.0 0.0.0.255
[RouterB-acl-adv-3101] quit
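The CA certificate imports in step 1 answer the fingerprint prompt with y without showing how the value was checked. The following is an added example, not part of the original guide: it computes the fingerprint of the certificate file on the administrator's workstation and accepts it only if it equals both the value shown at the router prompt and a value obtained from the CA out of band. The function names, the sample bytes and the assumed display format (hex digits in space- or colon-separated groups) are assumptions.

```python
import base64
import hashlib
import hmac
import re

# Constructed placeholder bytes standing in for aaa_ca.crt (not a real certificate).
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(range(256))

PEM_RE = re.compile(rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def cert_der_bytes(raw: bytes) -> bytes:
    """Return the DER encoding of a certificate file given as DER or PEM."""
    m = PEM_RE.search(raw)
    if m:
        return base64.b64decode(b"".join(m.group(1).split()), validate=True)
    if not raw.startswith(b"\x30"):  # a DER certificate is an ASN.1 SEQUENCE
        raise ValueError("not a DER or PEM certificate")
    return raw

def fingerprints(raw: bytes) -> dict:
    """A certificate fingerprint is a digest over the whole DER encoding."""
    der = cert_der_bytes(raw)
    return {"sha1": hashlib.sha1(der).hexdigest(),
            "sha256": hashlib.sha256(der).hexdigest()}

def normalize(fp: str) -> str:
    """Drop separators and case so '1616 E7A5' and '16:16:e7:a5' compare equal."""
    hexed = re.sub(r"[\s:.-]", "", fp).lower()
    if not re.fullmatch(r"[0-9a-f]+", hexed):
        raise ValueError("fingerprint contains non-hex characters")
    return hexed

def fingerprint_matches(raw: bytes, displayed: str, trusted: str) -> bool:
    """True only if the file's digest equals both the value shown at the
    router prompt and the value obtained from the CA out of band."""
    shown, known = normalize(displayed), normalize(trusted)
    alg = {40: "sha1", 64: "sha256"}.get(len(known))  # MD5-length values rejected
    if alg is None or len(shown) != len(known):
        return False
    local = fingerprints(raw)[alg]
    return hmac.compare_digest(local, shown) and hmac.compare_digest(local, known)

if __name__ == "__main__":
    fp = fingerprints(SAMPLE_DER)["sha1"]
    print(fingerprint_matches(SAMPLE_DER, fp.upper(), fp))  # same digest, two spellings
```

Run it against the same file that is copied to the router (aaa_ca.crt or bbb_ca.crt) and answer Y at the prompt only when the comparison succeeds.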