R3303-HP HSR6800 Routers Security Configuration Guide

Step 3. Assign an ACL to the IPsec policy.
  Command: security acl [ ipv6 ] acl-number
  Remarks: Not needed for IPsec policies to be applied to IPv6 routing protocols and required for other applications. By default, an IPsec policy references no ACL. The ACL supports match criteria of the VPN attribute. An IPsec policy can reference only one ACL. If you apply multiple ACLs to an IPsec policy, only the last one takes effect.

Step 4. Assign an IPsec transform set to the IPsec policy.
  Command: transform-set transform-set-name
  Remarks: By default, an IPsec policy references no IPsec transform set. A manual IPsec policy can reference only one IPsec transform set. To change an IPsec transform set for an IPsec policy, you must remove the reference first.

Step 5. Configure the local address and the remote address of the IPsec tunnel.
  Command:
    Configure the local address of the IPsec tunnel: tunnel local [ ipv6 ] ip-address
    Configure the remote address of the IPsec tunnel: tunnel remote [ ipv6 ] ip-address
  Remarks: Not needed for IPsec policies to be applied to IPv6 routing protocols and required for other applications. By default, the tunnel local and remote addresses are not configured.

Step 6. Configure an SPI for an SA.
  Command: sa spi { inbound | outbound } { ah | esp } spi-number
  Remarks: N/A
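
As an added example (not from the HP guide), the Python below audits the commands entered in one manual IPsec policy view against the defaults and limits given in steps 3 to 6. The function name, the routing_protocol flag and the sample commands are constructed; the check that each protocol has an SPI in both directions is an assumption not stated in this table.

```python
def audit_manual_policy(lines, routing_protocol=False):
    """Return (effective, findings) for the commands of one manual IPsec policy view."""
    # routing_protocol=True: policy applied to an IPv6 routing protocol, so the
    # ACL and the tunnel addresses are not needed (remarks of steps 3 and 5).
    acls, tsets, tunnel, spis = [], [], {}, {}
    for line in lines:
        tok = line.split()
        if tok[:2] == ["security", "acl"] and len(tok) >= 3:
            acls.append(tok[-1])                  # optional "ipv6" keyword is skipped
        elif tok[:1] == ["transform-set"] and len(tok) == 2:
            tsets.append(tok[1])
        elif tok[:1] == ["tunnel"] and len(tok) >= 3 and tok[1] in ("local", "remote"):
            tunnel[tok[1]] = tok[-1]
        elif tok[:2] == ["sa", "spi"] and len(tok) == 5:
            spis[(tok[2], tok[3])] = int(tok[4])  # key: (direction, protocol)

    findings = []
    if len(acls) > 1:
        findings.append(f"{len(acls)} ACLs assigned; only the last one ({acls[-1]}) takes effect")
    if not acls and not routing_protocol:
        findings.append("no ACL referenced")
    if not tsets:
        findings.append("no IPsec transform set referenced")
    elif len(set(tsets)) > 1:
        findings.append("more than one transform set; remove the existing reference first")
    if not routing_protocol:
        for end in ("local", "remote"):
            if end not in tunnel:
                findings.append(f"tunnel {end} address not configured")
    if not spis:
        findings.append("no SPI configured for any SA")
    # Assumption (not stated in the table): each protocol needs an SPI in both directions.
    for proto in sorted({p for _, p in spis}):
        for direction in ("inbound", "outbound"):
            if (direction, proto) not in spis:
                findings.append(f"no {direction} SPI for {proto}")

    # The first transform set is reported: a reference must be removed before it changes.
    effective = {"acl": acls[-1] if acls else None,
                 "transform_set": tsets[0] if tsets else None,
                 "tunnel": tunnel, "spi": spis}
    return effective, findings

# Constructed sample: commands as typed in a manual IPsec policy view.
SAMPLE = ["security acl 3100", "security acl 3101", "transform-set tran1",
          "tunnel local 192.0.2.1", "sa spi outbound esp 12345"]

if __name__ == "__main__":
    print("\n".join(audit_manual_policy(SAMPLE)[1]))
```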