F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices System Management and Maintenance Configuration Guide-6PW100

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module

201

202

203

204

205

206

207

208

209

210

194

300BNetwork requirements

As shown in 906HFigure 86, the firewall acts as an SCP client and the router acts as an SCP server. A user can

securely transfer files with the router through firewall. The router uses the password authentication method

and the client's username and password are saved on the router.

Figure 86 Network diagram

301BConfiguration procedure

1. Configure the SCP server:

<Router> system-view

[Router] public-key local create rsa

The range of public key size is (512 ~ 2048).

NOTES: If the key modulus is greater than 512,

It will take a few minutes.

Press CTRL+C to abort.

Input the bits of the modulus[default = 1024]:

Generating Keys...

++++++++

++++++++++++++

+++++

++++++++

# Generate a DSA key pair.

[Router] public-key local create dsa

The range of public key size is (512 ~ 2048).

NOTES: If the key modulus is greater than 512,

It will take a few minutes.

Press CTRL+C to abort.

Input the bits of the modulus[default = 1024]:

Generating Keys...

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

+++++++++++++++++++++++++++++++++++

# Enable the SSH server function.

[Router] ssh server enable

# Configure an IP address for GigabitEthernet 0/1, which the client will use as the destination for

SCP connection.

[Router] interface gigabitethernet 0/1

[Router-GigabitEthernet0/1] ip address 192.168.0.1 255.255.255.0

[Router-GigabitEthernet01/1] quit

# Set the authentication mode of the user interface to AAA.

[Router] user-interface vty 0 4

[Router-ui-vty0-4] authentication-mode scheme