R3303-HP HSR6800 Routers Security Configuration Guide

Task: Display IKE SA information.
Command: display ike sa [ verbose [ connection-id connection-id | remote-address [ ipv6 ] remote-address ] ] [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view.

Task: Display IKE proposal information.
Command: display ike proposal [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view.

Task: Clear SAs established by IKE.
Command: reset ike sa [ connection-id ]
Remarks: Available in user view.

IKE configuration examples
Configuring main mode IKE with pre-shared key authentication
Network requirements
As shown in Figure 97, configure an IPsec tunnel that uses IKE negotiation between Router A and Router
B to secure the communication between subnet 10.1.1.0/24 and subnet 10.1.2.0/24.
For Router A, configure an IKE proposal that uses the sequence number 10 and the authentication
algorithm MD5. Leave Router B with only the default IKE proposal. Configure the two routers to use the
pre-shared key authentication method.
Figure 97 Network diagram
Configuration procedure
1. Make sure that Router A and Router B can reach each other.
2. Configure Router A:
# Configure ACL 3101 to identify traffic from subnet 10.1.1.0/24 to subnet 10.1.2.0/24.
<RouterA> system-view
[RouterA] acl number 3101
[RouterA-acl-adv-3101] rule permit ip source 10.1.1.0 0.0.0.255 destination 10.1.2.0 0.0.0.255
[RouterA-acl-adv-3101] quit
# Create IPsec transform set tran1.