3. Configure an IPsec transform set:
# Create IPsec transform set transform_b.
[RouterB] ipsec transform-set transform_b
# Configure the IPsec transform set to use the security protocol ESP, encryption algorithm DES, and authentication algorithm SHA1.
[RouterB-ipsec-transform-set-transform_b] transform esp
[RouterB-ipsec-transform-set-transform_b] esp encryption-algorithm des
[RouterB-ipsec-transform-set-transform_b] esp authentication-algorithm sha1
[RouterB-ipsec-transform-set-transform_b] quit
4. Configure an IKEv2 proposal:
# Create IKEv2 proposal proposal_b.
[RouterB] ikev2 proposal proposal_b
# Configure the IKEv2 proposal to use the encryption algorithm AES-CBC-192, integrity protection algorithm MD5, PRF algorithm MD5, and 1024-bit DH group.
[RouterB-proposal-proposal_b] encryption aes-cbc-192
[RouterB-proposal-proposal_b] integrity md5
[RouterB-proposal-proposal_b] prf md5
[RouterB-proposal-proposal_b] group 2
[RouterB-proposal-proposal_b] quit
5. Configure an IKEv2 policy:
# Create IKEv2 policy policy_b.
[RouterB] ikev2 policy policy_b
# Configure the IKEv2 policy to use IKEv2 proposal proposal_b.
[RouterB-policy-policy_b] proposal proposal_b
[RouterB-policy-policy_b] quit
6. Configure an IKEv2 profile:
# Create IKEv2 profile profile_b.
[RouterB] ikev2 profile profile_b
# Set both the local and remote authentication methods to RSA digital certificate.
[RouterB-profile-profile_b] authentication local rsa-sig
[RouterB-profile-profile_b] authentication remote rsa-sig
# Use the DN as the local identity information.
[RouterB-profile-profile_b] identity local dn
# Use local interface Ethernet 1/1 for IKEv2 policy matching.
[RouterB-profile-profile_b] match address local interface ethernet 1/1
# Use PKI domain domain_b for certificate signing and PKI domain domain_a for certificate authentication.
[RouterB-profile-profile_b] pki domain domain_a verify
[RouterB-profile-profile_b] pki domain domain_b sign
[RouterB-profile-profile_b] quit
7. Configure an IPsec policy that uses IKEv2:
[RouterB] ipsec policy map 1 isakmp
[RouterB-ipsec-policy-isakmp-map1-1] encapsulation-mode tunnel
[RouterB-ipsec-policy-isakmp-map1-1] security acl 3101
[RouterB-ipsec-policy-isakmp-map1-1] ikev2 profile profile_b
[RouterB-ipsec-policy-isakmp-map1-1] remote-address 1.1.1.1
[RouterB-ipsec-policy-isakmp-map1-1] local-address 2.2.2.2
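
The following is an added example, not part of the original guide: a Python check that reads configuration lines in the prompt format used above and flags the algorithm choices from steps 3 and 4 that are weak by current standards (DES, MD5, SHA1, DH groups below 2048 bits). The table of flagged settings, the function name audit and the sample text are assumptions made for this example.

```python
import re

# Matches "[<view>] <command>" lines as they appear in the steps above.
PROMPT = re.compile(r"^\[(?P<view>[^\]]+)\]\s+(?P<cmd>.+?)\s*$")

# Assumed audit table for this example: full-command pattern -> reason.
# Only keywords that appear in the configuration above are covered.
WEAK = [
    (r"esp encryption-algorithm des", "DES uses a 56-bit key"),
    (r"esp authentication-algorithm md5", "MD5 is obsolete for integrity"),
    (r"esp authentication-algorithm sha1", "SHA1 is a legacy integrity choice"),
    (r"integrity md5", "MD5 is obsolete for IKEv2 integrity"),
    (r"prf md5", "MD5 is obsolete as an IKEv2 PRF"),
    (r"group (1|2|5)", "DH group is smaller than 2048 bits"),
]

def audit(config_text):
    """Return (line number, view, command, reason) for each flagged command."""
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), 1):
        m = PROMPT.match(line.strip())
        if not m:
            continue  # step headings and "#" comment lines carry no command
        for pattern, reason in WEAK:
            if re.fullmatch(pattern, m["cmd"]):
                findings.append((lineno, m["view"], m["cmd"], reason))
    return findings

# Constructed sample: lines copied from steps 3, 4 and 6 above.
SAMPLE = """\
[RouterB-ipsec-transform-set-transform_b] transform esp
[RouterB-ipsec-transform-set-transform_b] esp encryption-algorithm des
[RouterB-ipsec-transform-set-transform_b] esp authentication-algorithm sha1
# Create IKEv2 proposal proposal_b.
[RouterB-proposal-proposal_b] encryption aes-cbc-192
[RouterB-proposal-proposal_b] integrity md5
[RouterB-proposal-proposal_b] prf md5
[RouterB-proposal-proposal_b] group 2
[RouterB-profile-profile_b] authentication local rsa-sig
"""

if __name__ == "__main__":
    for lineno, view, cmd, reason in audit(SAMPLE):
        print(f"line {lineno}: [{view}] {cmd} -> {reason}")
```

Both peers must agree on a proposal, so any setting flagged here has to be changed on RouterA and RouterB together.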