R3303-HP HSR6800 Routers Security Configuration Guide

Removing a certificate
Configuring an access control policy
Displaying and maintaining PKI
PKI configuration examples
Certificate request from an RSA Keon CA server
Certificate request from a Windows 2003 CA server
IKE negotiation with RSA digital signature
Certificate access control policy configuration
Troubleshooting PKI
Failed to obtain a CA certificate
Failed to request a local certificate
Failed to obtain CRLs
Configuring IPsec
Overview
Basic concepts
IPsec tunnel interface
IPsec for IPv6 routing protocols
IPsec RRI
Protocols and standards
FIPS compliance
Implementing IPsec
Implementing ACL-based IPsec
Configuring an ACL
Configuring an IPsec transform set
Configuring an IPsec policy
Applying an IPsec policy group to an interface
Enabling the encryption engine
Enabling ACL checking of de-encapsulated IPsec packets
Configuring the IPsec anti-replay function
Configuring packet information pre-extraction
Enabling invalid SPI recovery
Configuring IPsec RRI
Enabling IPsec packet fragmentation before/after encryption
Implementing tunnel interface-based IPsec
Configuring an IPsec profile
Configuring an IPsec tunnel interface
Enabling packet information pre-extraction on the IPsec tunnel interface
Applying a QoS policy to an IPsec tunnel interface
Configuring IPsec for IPv6 routing protocols
Displaying and maintaining IPsec
IPsec configuration examples
Configuring a manual mode IPsec tunnel for IPv4 packets
Configuring an IKE-based IPsec tunnel for IPv4 packets
Configuring IKE-based IPsec tunnel for IPv6 packets
Configuring IPsec with IPsec tunnel interfaces
Configuring IPsec for RIPng
Configuring IPsec RRI
Configuring IKE
Overview
IKE security mechanism
IKE operation
IKE functions
Relationship between IKE and IPsec