R3166-R3206-HP High-End Firewalls VPN Configuration Guide-6PW101

The keys for the local and remote inbound and outbound SAs must be in the same format. For
example, if the local inbound SA uses a key in characters, the local outbound SA and remote
inbound and outbound SAs must use keys in characters.
b. Configuration prerequisites
Configure the ACLs used for identifying protected traffic, and the IPsec proposals.
c. Configuration procedure
Follow these steps to configure a manual IPsec policy:
1. Enter system view
   Use the command: system-view

2. Create a manual IPsec policy and enter its view
   Use the command: ipsec policy policy-name seq-number manual
   Remarks: Required. By default, no IPsec policy exists.

3. Assign an ACL to the IPsec policy
   Use the command: security acl acl-number
   Remarks: Not needed for IPsec policies to be applied to IPv6 routing protocols; required for other applications. By default, an IPsec policy references no ACL.

4. Assign an IPsec proposal to the IPsec policy
   Use the command: proposal proposal-name
   Remarks: Required. By default, an IPsec policy references no IPsec proposal.

5. Configure the two ends of the IPsec tunnel
   a) Configure the local address of the tunnel
      Use the command: tunnel local ip-address
   b) Configure the remote address of the tunnel
      Use the command: tunnel remote ip-address
   Remarks: Required. Not configured by default.

6. Configure the SPIs for the SAs
   Use the command: sa spi { inbound | outbound } { ah | esp } spi-number
   Remarks: Required.

7. Configure keys for the SAs
   AH keys (use either command):
   a) Configure an authentication key in hexadecimal for AH
      Use the command: sa authentication-hex { inbound | outbound } ah hex-key
   b) Configure an authentication key in characters for AH
      Use the command: sa string-key { inbound | outbound } ah string-key
   Remarks: Required. Use either command.

   ESP keys (configure at least one command):
   c) Configure a key in characters for ESP
      Use the command: sa string-key { inbound | outbound } esp string-key
   d) Configure an authentication key in hexadecimal for ESP
      Use the command: sa authentication-hex { inbound | outbound } esp hex-key
   e) Configure an encryption key in hexadecimal for ESP
      Use the command: sa encryption-hex { inbound | outbound } esp hex-key
   Remarks: Required. Configure at least one command. If you configure a key in characters for ESP, the router automatically generates an authentication key and an encryption key for ESP.
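The procedure above applied to both ends of a tunnel, as an added example that is not taken from the guide: it assumes ACL 3000 (with mirrored rules on each side) and IPsec proposal tran1 were created as prerequisites, uses 1.1.1.1 and 2.2.2.2 as the tunnel endpoints, and the SPIs and keys are constructed sample values. Each inbound SA on one firewall is the outbound SA of the other, so the SPI and key are swapped, and every SA uses a key in characters so that the four keys share one format.

```text
# Firewall A: local end 1.1.1.1, remote end 2.2.2.2 (addresses are assumed)
# Prerequisites assumed to exist: acl 3000, ipsec proposal tran1
system-view
ipsec policy policy1 10 manual
 security acl 3000
 proposal tran1
 tunnel local 1.1.1.1
 tunnel remote 2.2.2.2
 # A's inbound SA: SPI 12345, key "keyAtoB" (constructed sample values)
 sa spi inbound esp 12345
 sa string-key inbound esp keyBtoA
 # A's outbound SA: SPI 54321, key "keyAtoB"
 sa spi outbound esp 54321
 sa string-key outbound esp keyAtoB
 # A key in characters for ESP makes the device derive both the ESP
 # authentication key and the ESP encryption key; do not mix it with
 # sa authentication-hex / sa encryption-hex on the peer's matching SA.

# Firewall B: local end 2.2.2.2, remote end 1.1.1.1
# B's inbound SA mirrors A's outbound SA, and vice versa
system-view
ipsec policy policy1 10 manual
 security acl 3000
 proposal tran1
 tunnel local 2.2.2.2
 tunnel remote 1.1.1.1
 # B inbound = A outbound: SPI 54321, key "keyAtoB"
 sa spi inbound esp 54321
 sa string-key inbound esp keyAtoB
 # B outbound = A inbound: SPI 12345, key "keyBtoA"
 sa spi outbound esp 12345
 sa string-key outbound esp keyBtoA
```

If one side were changed to sa authentication-hex and sa encryption-hex while the other kept sa string-key, the key formats would no longer match across the four SAs and the tunnel would not negotiate, which is the rule stated at the top of this section.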