R3166-R3206-HP High-End Firewalls VPN Configuration Guide-6PW101
• Type peer as the peer name.
• Select Main as the negotiation mode.
• Select IP Address as the local ID type.
• Type 2.2.2.2 as the remote gateway IP address.
• Select Pre-Shared Key and type abcde as the pre-shared key.
• Click Apply.
# Create an IKE proposal numbered 10.
• Select VPN > IKE > Proposal from the navigation tree and then click Add.
• Type 10 as the IKE proposal number.
• Select Preshared Key as the authentication method.
• Select MD5 as the authentication algorithm.
• Select DES-CBC as the encryption algorithm.
• Type 5000 as the SA lifetime.
• Click Apply.
2. Configure Firewall B
# Configure the IKE peer.
• Select VPN > IKE > Peer from the navigation tree and then click Add.
• Type peer as the peer name.
• Select Main as the negotiation mode.
• Select IP Address as the local ID type.
• Type 1.1.1.1 as the remote gateway IP address.
• Select Pre-Shared Key and type abcde as the pre-shared key.
• Click Apply.
After you complete the configuration, the security gateways Firewall A and Firewall B should be able to
perform IKE negotiation. Firewall A is configured with IKE proposal 10, which uses MD5 as the
authentication algorithm, but Firewall B has only the default IKE proposal, which uses the default
authentication algorithm, SHA. Firewall B therefore has no proposal that matches proposal 10 of
Firewall A, and the only pair of matching proposals on the two firewalls is the default IKE proposals.
The two firewalls do not need to have the same ISAKMP SA lifetime; they negotiate one.
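The proposal matching described above, as an added example that is not part of the HP guide: a small Python model that compares each gateway's proposals on authentication method, authentication algorithm, encryption algorithm and DH group. The default proposal's values other than SHA, the DH group of proposal 10, and the rule of taking the smaller lifetime are assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Proposal:
    name: str
    auth_method: str
    auth_alg: str
    enc_alg: str
    dh_group: int
    lifetime: int  # ISAKMP SA lifetime in seconds

MATCH_FIELDS = ("auth_method", "auth_alg", "enc_alg", "dh_group")

def mismatches(a, b):
    """Attributes that stop two proposals from matching (lifetime is not compared)."""
    return [f for f in MATCH_FIELDS if getattr(a, f) != getattr(b, f)]

def negotiate(initiator, responder):
    """Return (initiator proposal, responder proposal, lifetime) or None.

    Proposals are tried in list order, which stands in for priority order.
    Assumption: the negotiated lifetime is the smaller of the two values.
    """
    for offered in initiator:
        for local in responder:
            if not mismatches(offered, local):
                return offered, local, min(offered.lifetime, local.lifetime)
    return None

# Constructed sample data. Only the SHA authentication algorithm of the default
# proposal is stated on the page; its other values are assumptions.
DEFAULT = Proposal("default", "pre-share", "sha", "des-cbc", 1, 86400)
# Proposal 10 as configured on Firewall A; the DH group is an assumption.
PROPOSAL_10 = Proposal("10", "pre-share", "md5", "des-cbc", 1, 5000)
FIREWALL_A = [PROPOSAL_10, DEFAULT]
FIREWALL_B = [DEFAULT]

if __name__ == "__main__":
    print("proposal 10 vs default differs in:", mismatches(PROPOSAL_10, DEFAULT))
    result = negotiate(FIREWALL_A, FIREWALL_B)
    if result is None:
        print("no matching proposal: negotiation fails")
    else:
        offered, local, lifetime = result
        print(f"matched A:{offered.name} with B:{local.name}, lifetime {lifetime}s")
```

Running it reports that proposal 10 differs from the default only in the authentication algorithm, so the gateways settle on the default proposals. Comparing the negotiated parameters against the intended ones after setup catches this kind of silent fallback.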
Configuring IKE in the CLI
IKE configuration task list
Prior to IKE configuration, you must determine the following parameters:
• The strength of the algorithms for IKE negotiation, that is, the security protection level, including the
identity authentication method, encryption algorithm, authentication algorithm, and DH group.
Different algorithms provide different levels of protection. A stronger algorithm makes the protected
data more resistant to decryption but requires more resources. Generally, the longer the key, the
stronger the algorithm.
• The pre-shared key or the PKI domain the certificate belongs to. For more information about PKI
configuration, see the chapter “PKI configuration.”