F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices VPN Configuration Guide-6PW100
sequence number: 10
acl version: ACL4
mode: manual
-----------------------------
connection id: 1
encapsulation mode: transport
perfect forward secrecy:
tunnel:
flow:
[inbound ESP SAs]
spi: 123456 (0x3039)
transform-set: ESP-ENCRYPT-DES ESP-AUTH-SHA1
No duration limit for this sa
[outbound ESP SAs]
spi: 123456 (0x3039)
transform-set: ESP-ENCRYPT-DES ESP-AUTH-SHA1
No duration limit for this sa
Similarly, you can view the information on Firewall B and Firewall C. (Details not shown.)
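The following is an added example, not part of the original guide: a small Python check that reads SA display output like the listing above and reports the settings a reviewer would question (DES encryption, manual mode, SAs with no lifetime). The function name, the finding texts and the weak-transform list are assumptions made for this example.

```python
import re

# Sample input: the SA display lines shown above, as they appear on this page.
SAMPLE = """\
sequence number: 10
acl version: ACL4
mode: manual
-----------------------------
connection id: 1
encapsulation mode: transport
perfect forward secrecy:
tunnel:
flow:
[inbound ESP SAs]
spi: 123456 (0x3039)
transform-set: ESP-ENCRYPT-DES ESP-AUTH-SHA1
No duration limit for this sa
[outbound ESP SAs]
spi: 123456 (0x3039)
transform-set: ESP-ENCRYPT-DES ESP-AUTH-SHA1
No duration limit for this sa
"""

# Assumption: local policy list of transforms to flag; extend to match your own baseline.
WEAK_TRANSFORMS = {"ESP-ENCRYPT-DES": "56-bit DES encryption"}

def audit_sa_display(text):
    """Return a sorted list of findings for one policy entry's SA display."""
    findings = set()
    direction, mode = None, None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.fullmatch(r"\[(inbound|outbound) (\w+) SAs\]", line)
        if m:
            direction = m.group(1)          # track which SA block we are in
        elif line.startswith("mode:"):
            mode = line.split(":", 1)[1].strip()
        elif line.startswith("transform-set:"):
            for name in line.split(":", 1)[1].split():
                if name in WEAK_TRANSFORMS:
                    findings.add(f"{direction}: {WEAK_TRANSFORMS[name]} ({name})")
        elif line == "No duration limit for this sa":
            findings.add(f"{direction}: SA never expires, keys are not rotated")
    if mode == "manual":
        findings.add("policy: manual mode, static keys with no IKE rekeying")
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(audit_sa_display(SAMPLE)))
```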
IPsec RRI configuration example
Network requirements
As shown in Figure 131, configure an IPsec tunnel between Firewall A and Firewall B to protect the traffic
between the headquarters and the branch. Configure the tunnel to use the security protocol ESP, the
encryption algorithm DES, and the authentication algorithm SHA1-HMAC-96. Use IKE for automatic SA
negotiation.
Configure IPsec RRI on Firewall A to automatically create a static route to the branch based on the
established IPsec SAs. Specify the next hop of the route as 1.1.1.2.
Figure 131 Network diagram
Configuration procedure
1. Assign IPv4 addresses to the interfaces on the firewalls according to Figure 131. Make sure
Firewall A and Firewall B can reach each other. (Details not shown.)
[Figure 131 diagram labels. Headquarters: Host A 10.4.4.4/24; Firewall A GE0/2 10.4.4.1/24, GE0/1 1.1.1.1/16. Internet between Firewall A and Firewall B. Branch: Firewall B GE0/1 2.2.2.2/16, GE0/2 10.5.5.1/24; Host B 10.5.5.5/24.]