F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices VPN Configuration Guide-6PW100

Configuring Device B
The configuration steps on Device B are similar to those on Device A. The configuration pages are not shown.
1. Assign IP addresses for the interfaces and then add them to the target zones. (Details not shown.)
2. Define an ACL to permit traffic from subnet 10.1.2.0/24 to subnet 10.1.1.0/24:
   a. Select Firewall > ACL from the navigation tree.
   b. Click Add.
   c. On the page that appears, enter the ACL number 3101, select the match order Config, and click Apply.
   d. From the ACL list, select ACL 3101 and click the icon.
   e. Click Add.
   f. On the page that appears, select Permit from the Operation list, select Source IP Address and enter 10.1.2.0 and 0.0.0.255 respectively in the following fields, select Destination IP Address and enter 10.1.1.0 and 0.0.0.255 respectively in the following fields, and click Apply.
3. Configure a static route to Host A:
   a. Select Network > Routing Management > Static Routing from the navigation tree.
   b. Click Add.
   c. On the page that appears, enter the destination IP address 10.1.1.0 and mask 255.255.255.0, select the outbound interface GigabitEthernet0/1, and click Apply.
4. Configure an IPsec proposal named tran1:
   a. Select VPN > IPSec > Proposal from the navigation tree.
   b. Click Add.
   c. From the IPSec Proposal Configuration Wizard page, select Custom mode.
   d. On the page that appears, enter the IPsec proposal name tran1, select the packet encapsulation mode Tunnel, security protocol ESP, authentication algorithm SHA1, and encryption algorithm DES, and click Apply.
5. Configure IKE peer peer:
   a. Select VPN > IKE > Peer from the navigation tree.
   b. Click Add.
   c. Enter the peer name peer.
   d. Select the negotiation mode Main.
   e. Enter the remote gateway IP address 2.2.2.1.
   f. Select the Pre-Shared Key box and then enter abcde for both the Key and Confirm Key fields.
   g. Click Apply.
6. Configure IPsec policy map1:
   a. Select VPN > IPSec > Policy from the navigation tree.
   b. Click Add.
   c. Enter the policy name map1.
   d. Enter the sequence number 10.
   e. Select the IKE peer peer.
   f. Select the IPsec proposal tran1 and click <<.
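
The ACL in step 2 takes wildcard masks (0.0.0.255) while the static route in step 3 takes a subnet mask (255.255.255.0). The following Python check is an added example, not part of the HP guide; it verifies that both steps describe the same subnets and that the peer's ACL mirrors this one. The Device A rule and all function names are assumptions, because Device A's configuration is not shown on this page.

```python
import ipaddress

def wildcard_to_network(addr, wildcard):
    """Turn an ACL address and wildcard (inverse) mask into an ip_network."""
    wc = int(ipaddress.IPv4Address(wildcard))
    # A contiguous wildcard looks like 0..01..1, so wc + 1 is a power of two.
    # This rejects a subnet mask typed into the wildcard field (255.255.255.0).
    if wc & (wc + 1):
        raise ValueError(f"not a contiguous wildcard mask: {wildcard}")
    netmask = ipaddress.IPv4Address(wc ^ 0xFFFFFFFF)
    # strict=True raises if the address has host bits set for this mask.
    return ipaddress.ip_network(f"{addr}/{netmask}", strict=True)

def check_device(acl, route, peer_acl=None):
    """Return a list of inconsistencies between ACL, static route and peer ACL."""
    findings = []
    src = wildcard_to_network(*acl["source"])
    dst = wildcard_to_network(*acl["destination"])
    routed = ipaddress.ip_network(f"{route[0]}/{route[1]}", strict=True)
    if not dst.subnet_of(routed):
        findings.append(f"ACL destination {dst} is not covered by route {routed}")
    if src.overlaps(dst):
        findings.append(f"ACL source {src} overlaps destination {dst}")
    if peer_acl is not None:
        peer_src = wildcard_to_network(*peer_acl["source"])
        peer_dst = wildcard_to_network(*peer_acl["destination"])
        # IPsec peers should protect the same flow in opposite directions.
        if (peer_src, peer_dst) != (dst, src):
            findings.append(
                f"peer ACL {peer_src} -> {peer_dst} does not mirror {src} -> {dst}")
    return findings

# Values from steps 2 and 3 of this page (Device B).
DEVICE_B_ACL = {"source": ("10.1.2.0", "0.0.0.255"),
                "destination": ("10.1.1.0", "0.0.0.255")}
DEVICE_B_ROUTE = ("10.1.1.0", "255.255.255.0")
# Assumed Device A rule (not shown on this page): the reverse direction.
DEVICE_A_ACL = {"source": ("10.1.1.0", "0.0.0.255"),
                "destination": ("10.1.2.0", "0.0.0.255")}

if __name__ == "__main__":
    result = check_device(DEVICE_B_ACL, DEVICE_B_ROUTE, DEVICE_A_ACL)
    for line in result or ["ACL, route and peer ACL are consistent"]:
        print(line)
```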