R3166-R3206-HP High-End Firewalls VPN Configuration Guide-6PW101
Figure 37 Network diagram for IPsec configuration
Configuration procedure
1. Configure Firewall A
# Define an ACL to permit traffic from subnet 10.1.1.0/24 to subnet 10.1.2.0/24.
• Select Firewall > ACL from the navigation tree, and then click Add.
• Type 3101 as the ACL number.
• Select the match order of Config.
• Click Apply.
• From the ACL list, select ACL 3101 and click the corresponding icon. Then, click Add to enter the ACL rule configuration page.
• Select Permit from the Operation drop-down box.
• Select the Source IP Address check box and type 10.1.1.0 and 0.0.0.255 respectively in the following text boxes.
• Select the Destination IP Address check box and type 10.1.2.0 and 0.0.0.255 respectively in the following text boxes.
• Click Apply.
• From the rule list of ACL 3101, click Add.
• Select Deny from the Operation drop-down box.
• Click Apply.
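Added example, not part of the HP guide: a first-match evaluator for the two rules of ACL 3101 in configuration order, showing how the 0.0.0.255 wildcard selects traffic and what changes if a subnet mask is typed in its place. It assumes the deny rule, entered with no address boxes selected, matches any address; the sample flows and the MISTYPED variant are constructed.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """True when addr equals base on every bit where the wildcard bit is 0."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    return (a & care) == (b & care)

def wildcard_for(cidr):
    """Wildcard (inverse mask) to type for a subnet written as a.b.c.d/len."""
    return str(ipaddress.ip_network(cidr).hostmask)

ANY = ("0.0.0.0", "255.255.255.255")  # assumption: unchecked address boxes match any address

# ACL 3101 as entered above, in configuration order.
ACL_3101 = [
    ("permit", ("10.1.1.0", "0.0.0.255"), ("10.1.2.0", "0.0.0.255")),
    ("deny", ANY, ANY),
]
# Constructed mistake: subnet mask typed where the wildcard belongs.
MISTYPED = [
    ("permit", ("10.1.1.0", "255.255.255.0"), ("10.1.2.0", "255.255.255.0")),
    ("deny", ANY, ANY),
]

def evaluate(acl, src, dst):
    """Return (rule index, action) of the first rule matching src -> dst, else None."""
    for index, (action, (s_base, s_wild), (d_base, d_wild)) in enumerate(acl):
        if wildcard_match(src, s_base, s_wild) and wildcard_match(dst, d_base, d_wild):
            return index, action
    return None

if __name__ == "__main__":
    flows = [  # constructed sample flows
        ("10.1.1.5", "10.1.2.7"),
        ("10.1.2.7", "10.1.1.5"),
        ("10.1.1.5", "192.0.2.10"),
        ("172.16.9.0", "192.168.4.0"),
    ]
    print("wildcard for 10.1.1.0/24:", wildcard_for("10.1.1.0/24"))
    for src, dst in flows:
        print(src, "->", dst, "ACL 3101:", evaluate(ACL_3101, src, dst),
              "mistyped:", evaluate(MISTYPED, src, dst))
```

With the mask typed in place of the wildcard, the intended 10.1.1.0/24 to 10.1.2.0/24 flow falls through to the deny rule while unrelated addresses ending in .0 hit the permit rule, so check the wildcard values before clicking Apply.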
# Configure a static route to Host B.
• Select Network > Routing Management > Static Routing from the navigation tree, and then click Add.
• Type 10.1.2.0 as the destination IP address.
• Type 255.255.255.0 as the mask.
• Select GigabitEthernet0/1 as the outbound interface.
• Click Apply.
# Configure an IPsec proposal named tran1.
• Select VPN > IPSec > Proposal from the navigation tree and then click Add.
• Select Custom mode from the IPSec Proposal Configuration Wizard page.
• Type tran1 as the name of the IPsec proposal.
• Select Tunnel as the packet encapsulation mode.