Task: Display ACL information for the GM.
Command: display gdoi gm acl [ download | local ] [ group group-name ] [ | { begin | exclude | include } regular-expression ]

Task: Display rekey information for the GM.
Command: display gdoi gm rekey [ verbose ] [ group group-name ] [ | { begin | exclude | include } regular-expression ]

Task: Display information about the public keys received by the GM.
Command: display gdoi gm pubkey [ group group-name ] [ | { begin | exclude | include } regular-expression ]

Task: Display IKE SA information.
Command: display ike sa [ active | standby | verbose [ connection-id connection-id | remote-address [ ipv6 ] remote-address ] ] [ | { begin | exclude | include } regular-expression ]

Task: Display IPsec SA information.
Command: display ipsec sa [ active | brief | duration | policy policy-name [ seq-number ] | remote [ ipv6 ] ip-address | standby ] [ | { begin | exclude | include } regular-expression ]

Task: Display GDOI IPsec policy information.
Command: display ipsec policy [ brief | name policy-name [ seq-number ] ] [ | { begin | exclude | include } regular-expression ]

Task: Clear GDOI information for the GM and initiate registration.
Command: reset gdoi gm [ group group-name ]
For more information about the display ike sa, display ipsec sa, and display ipsec policy
commands, see HPE FlexNetwork MSR Router Series Comware 5 Security Command Reference.
Group domain VPN configuration example
Network requirements
As shown in Figure 155, set up a group domain VPN on the network to protect traffic between
subnets, as follows:
• Add GM 1, GM 2, and GM 3 to GDOI group 12345, and configure them to register with the KS
that manages the group.
• Use the IPsec security protocol ESP, encryption algorithm AES-CBC 128, and authentication
algorithm SHA1 to protect the data.
• Configure IPsec to protect traffic from subnet 10.1.1.0 to subnet 10.1.2.0, and traffic from
subnet 10.1.1.0 to subnet 10.1.3.0.
• Use pre-shared key authentication for IKE negotiation between the KS and the GMs.
• Configure the KS to multicast rekey messages to the GMs.
• Configure KS 1 and KS 2 to back up each other. KS 1 and KS 2 use pre-shared key
authentication for IKE negotiation.
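The traffic-protection requirement above names two one-way flows (10.1.1.0 to 10.1.2.0 and 10.1.1.0 to 10.1.3.0). Because every GM in a GDOI group evaluates the same policy pushed by the KS, it is worth checking what such a policy does with the reply direction before committing it. The following script is an added example and is not code or output from the HPE guide or from Comware: the rule structure, the first-match evaluation, the sample flows and the "protect"/"clear"/"no-match" labels are all constructed here to model the requirement, not Comware's ACL engine.

```python
"""Model of the group-wide IPsec traffic selectors a KS pushes to GDOI GMs.

Added example, not from the HPE configuration guide. The rule data
structure, evaluation semantics and sample flows are constructed here
to illustrate the network requirements; they are not Comware commands
or Comware output.
"""
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network
from typing import List, Tuple


@dataclass(frozen=True)
class Rule:
    action: str          # "permit" (protect with IPsec) or "deny" (send in clear)
    src: IPv4Network
    dst: IPv4Network


# Constructed group policy for GDOI group 12345, written exactly as the two
# flows in the requirements: 10.1.1.0/24 -> 10.1.2.0/24 and 10.1.1.0/24 -> 10.1.3.0/24.
GROUP_POLICY: List[Rule] = [
    Rule("permit", IPv4Network("10.1.1.0/24"), IPv4Network("10.1.2.0/24")),
    Rule("permit", IPv4Network("10.1.1.0/24"), IPv4Network("10.1.3.0/24")),
]


def classify(policy: List[Rule], src: str, dst: str) -> str:
    """First-match evaluation of one flow against the policy.

    Returns "protect" (permit rule hit), "clear" (deny rule hit) or
    "no-match" (no rule covered the flow, so the group SA is not applied).
    First-match semantics are an assumption of this model.
    """
    s, d = IPv4Address(src), IPv4Address(dst)
    for rule in policy:
        if s in rule.src and d in rule.dst:
            return "protect" if rule.action == "permit" else "clear"
    return "no-match"


def unmirrored_permits(policy: List[Rule]) -> List[Tuple[str, str]]:
    """Report permit rules whose reverse direction is not itself permitted.

    All GMs share one policy, so a reply from 10.1.2.0/24 back to 10.1.1.0/24
    is only protected if some rule covers that direction too. Rules listed
    here are the ones to review before pushing the policy from the KS.
    """
    permits = {(r.src, r.dst) for r in policy if r.action == "permit"}
    return sorted(
        (str(src), str(dst)) for (src, dst) in permits if (dst, src) not in permits
    )


def mirrored(policy: List[Rule]) -> List[Rule]:
    """Return a copy of the policy with a reverse-direction permit for every permit."""
    out = list(policy)
    permits = {(r.src, r.dst) for r in policy if r.action == "permit"}
    for src, dst in sorted(permits, key=str):
        if (dst, src) not in permits:
            out.append(Rule("permit", dst, src))
    return out


if __name__ == "__main__":
    # Constructed sample flows: one as listed in the requirements, one reply.
    print(classify(GROUP_POLICY, "10.1.1.10", "10.1.2.20"))   # protect
    print(classify(GROUP_POLICY, "10.1.2.20", "10.1.1.10"))   # no-match: reply path
    print(unmirrored_permits(GROUP_POLICY))
    fixed = mirrored(GROUP_POLICY)
    print(classify(fixed, "10.1.2.20", "10.1.1.10"))          # protect
```

Run it once against the policy as written and once against the mirrored copy: the first shows the GM-side reply from 10.1.2.0/24 falling outside every rule, the second shows both directions protected. Whether a given platform treats an unmatched flow as cleartext or as dropped is platform behaviour that this model does not assert; the point is only that the policy should be checked in both directions before the KS distributes it.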