R3303-HP HSR6800 Routers Security Command Reference

ManualsBrandsHP ManualsNetwork HardwareHP HSR68xx Configure-to-Order Router Solution

311

312

313

314

315

316

317

318

319

320

304

[Sysname-ipsec-policy-isakmp-1-1] security acl 3000

[Sysname-ipsec-policy-isakmp-1-1] transform-set tran1

[Sysname-ipsec-policy-isakmp-1-1] ike-peer 1

[Sysname-ipsec-policy-isakmp-1-1] reverse-route static

[Sysname-ipsec-policy-isakmp-1-1] quit

[Sysname] interface gigabitethernet 3/0/1

[Sysname-GigabitEthernet3/0/1] ipsec policy 1

[Sysname-GigabitEthernet3/0/1]quit

# Display the routing table. You can see that IPsec RRI has created the static route. (Other routes are not

shown.)

[Sysname] display ip routing-table

...

Destination/Mask Proto Pre Cost NextHop Interface

3.0.0.0/24 Static 60 0 1.1.1.2 GE3/0/1

# Configure static IPsec RRI to create static routes based on ACL 3000. Take the peer private network as

the destination and 1.1.1.3 as the next hop.

[Sysname] ipsec policy 1 1 isakmp

[Sysname-ipsec-policy-isakmp-1-1] reverse-route remote-peer 1.1.1.3 static

[Sysname-ipsec-policy-isakmp-1-1] quit

# Display the routing table. You can see that IPsec RRI has created the static route. (Other routes are not

shown.)

[Sysname] display ip routing-table

...

Destination/Mask Proto Pre Cost NextHop Interface

3.0.0.0/24 Static 60 0 1.1.1.3 GE3/0/1

# Configure dynamic IPsec RRI to create static routes based on IPsec SAs. Take the peer private network

as the destination and the remote tunnel endpoint 1.1.1.2 as the next hop.

[Sysname] ipsec policy 1 1 isakmp

[Sysname-ipsec-policy-isakmp-1-1] reverse-route

[Sysname-ipsec-policy-isakmp-1-1] quit

# Display the routing table. The expected route appears in the table after the IPsec SA negotiation

succeeds. (Other routes are not shown.)

[Sysname] display ip routing-table

...

Destination/Mask Proto Pre Cost NextHop Interface

3.0.0.0/24 Static 60 0 1.1.1.2 GE3/0/1

# Configure dynamic IPsec RRI to create static routes based on IPsec SAs. Take 1.1.1.3 as the next hop.

[Sysname] ipsec policy 1 1 isakmp

[Sysname-ipsec-policy-isakmp-1-1] reverse-route remote-peer 1.1.1.3

[Sysname-ipsec-policy-isakmp-1-1] quit

# Display the routing table. The expected route appears in the routing table after the IPsec SA negotiation

succeeds. (Other routes are not shown.)

[Sysname] display ip routing-table

...

Destination/Mask Proto Pre Cost NextHop Interface

3.0.0.0/24 Static 60 0 1.1.1.3 GE3/0/1