Manualshelf

R3166-R3206-HP High-End Firewalls VPN Configuration Guide-6PW101

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module
81828384858687888990
76
Follow these steps to configure packet information pre-extraction:
To do… Use the command…
Remarks
Enter system view system-view
Enter IPsec policy view or IPsec policy template view
ipsec policy policy-name
seq-number [ isakmp |
manual ]
Required
Configure either
command
ipsec policy-template
template-name
seq-number
Enable packet information pre-extraction qos pre-classify
Required
Disabled by default
Implementing tunnel interface-based IPsec
IPsec configuration task list
The following is the generic configuration procedure for implementing tunnel interface-based IPsec:
1. Configure an IPsec proposal to specify the security protocols, authentication and encryption
algorithms, and encapsulation mode.
2. Configure an IPsec profile to associate data flows with the IPsec proposal, and to specify the IKE
peer parameters and the SA lifetime.
3. Configure an IPsec tunnel interface and apply the IPsec profile to the interface.
NOTE:
Because packets routed to the IPsec tunnel interface are all protected, the data protection scope, which is
required for IPsec policy configuration, is not needed in the IPsec profile.
Complete the following tasks to configure tunnel interface-based IPsec:
To do…
Configuring an IPsec proposal
Required
An IPsec proposal for the IPsec tunnel interface to
reference supports tunnel mode only.
Configuring an IPsec profile Required
Configuring an IPsec tunnel interface Required
Enabling packet information pre-extraction on the IPsec
tunnel interface
Optional
Applying a QoS policy to an IPsec tunnel interface Optional
Enabling the encryption engine Optional
Configuring the IPsec anti-replay function Optional
Configuring an IPsec profile
An IPsec policy is uniquely identified by its name and sequence number. An IPsec policy group is a
collection of IPsec policies with the same name but different sequence numbers. In an IPsec policy group,
an IPsec policy with a smaller sequence number has a higher priority. After an IPsec policy group is