F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices VPN Configuration Guide-6PW100
To configure an IPsec tunnel interface:

Step 1. Enter system view.
  Command: system-view
  Remarks: N/A

Step 2. Create a tunnel interface and enter its view.
  Command: interface tunnel number
  Remarks: By default, no tunnel interface exists on the device.

Step 3. Assign a private IPv4 address to the tunnel interface.
  Command: ip address ip-address { mask | mask-length } [ sub ]
  Remarks: Configure one type of address. By default, no private IP address is assigned to a tunnel interface.

Step 4. Set the tunnel mode of the tunnel interface to IPsec over IPv4.
  Command: tunnel-protocol ipsec ipv4
  Remarks: By default, the encapsulation mode is GRE.

Step 5. Specify the source address or interface of the tunnel interface.
  Command: source { ip-address | interface-type interface-number }
  Remarks: By default, no source address or interface is specified for a tunnel interface. If you specify an interface, the tunnel interface will take the primary IP address of the source interface.

Step 6. Specify the destination address of the tunnel interface.
  Command: destination ip-address
  Remarks: Optional for an IKE negotiation responder, and required for an IKE negotiation initiator. By default, no tunnel destination address is configured.

Step 7. Apply an IPsec profile to the tunnel interface.
  Command: ipsec profile profile-name
  Remarks: The IPsec profile must have been created and must not have been applied to any DVPN tunnel interface.

For more information about the interface tunnel, tunnel-protocol, source, and destination commands, see
VPN Command Reference.
An IPsec profile cannot be applied to both an IPsec tunnel interface and a DVPN tunnel interface
simultaneously.
An IPsec tunnel interface can reference only one IPsec profile.
Apply an IPsec profile to only one IPsec tunnel interface. Although an IPsec profile can be applied to
multiple IPsec tunnel interfaces, it takes effect only on the IPsec tunnel interface that goes up first.
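
The steps and restrictions above can be checked against a saved configuration before deployment. The following Python script is an added example, not part of the HP guide: it flags tunnel interfaces that reference an IPsec profile while still in the default GRE mode, that lack a destination (so they cannot initiate IKE negotiation), or that share a profile with another tunnel interface. The configuration layout (indented commands under "interface TunnelN", "#" separators) and the function names parse_tunnels and audit are assumptions; DVPN tunnel interfaces are not treated separately.

```python
import re

# Constructed sample; interface numbers, addresses and profile names are made up.
SAMPLE = """\
interface Tunnel1
 tunnel-protocol ipsec ipv4
 source 192.0.2.1
 destination 198.51.100.1
 ipsec profile branch
#
interface Tunnel2
 tunnel-protocol ipsec ipv4
 source 192.0.2.1
 ipsec profile branch
#
interface Tunnel3
 source 192.0.2.1
 destination 198.51.100.3
 ipsec profile hub
"""

def parse_tunnels(text):
    # Map each tunnel interface name to the commands indented under it.
    tunnels, current = {}, None
    for line in text.splitlines():
        m = re.match(r"interface (tunnel\s*\d+)$", line.strip(), re.I)
        if m:
            current = tunnels.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "#" or another top-level line ends the block
    return tunnels

def audit(text):
    # Findings for tunnel interfaces that reference an IPsec profile.
    findings, users = [], {}
    for name, cmds in parse_tunnels(text).items():
        profile = next((c.split()[2] for c in cmds if c.startswith("ipsec profile ")), None)
        if profile is None:
            continue
        users.setdefault(profile, []).append(name)
        if "tunnel-protocol ipsec ipv4" not in cmds:
            findings.append(f"{name}: mode is not 'ipsec ipv4' (default is GRE)")
        if not any(c.startswith("destination ") for c in cmds):
            findings.append(f"{name}: no destination, cannot initiate IKE negotiation")
    for profile, names in users.items():
        if len(names) > 1:
            findings.append(f"profile '{profile}' on {', '.join(names)}: only the first to go up uses it")
    return findings
```

Calling audit(SAMPLE) reports Tunnel2 (no destination), Tunnel3 (default GRE mode), and the shared use of profile branch.
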
Applying a QoS policy to an IPsec tunnel interface
The device allows you to apply a QoS policy to an IPsec tunnel interface. In this case, QoS is performed
before IPsec encapsulation, and the resulting packet has the same priority as the original packet.
In addition, QoS congestion management is applied to packets before encapsulation, which prevents
IPsec packets from becoming disordered.