R3166-R3206-HP High-End Firewalls VPN Configuration Guide-6PW101
To do… / Use the command… / Remarks

Display IPsec SA information
  Use the command: display ipsec sa [ brief | duration | policy policy-name [ seq-number ] | remote ip-address ]
  Remarks: Available in any view

Display IPsec packet statistics
  Use the command: display ipsec statistics [ tunnel-id integer ]
  Remarks: Available in any view

Display IPsec tunnel information
  Use the command: display ipsec tunnel
  Remarks: Available in any view

Clear SAs
  Use the command: reset ipsec sa [ parameters dest-address protocol spi | policy policy-name [ seq-number ] | remote ip-address ]
  Remarks: Available in user view

Clear IPsec statistics
  Use the command: reset ipsec statistics
  Remarks: Available in user view

IPsec configuration examples in the CLI
Example for establishing an IPsec tunnel in manual mode
Network requirements
As shown in Figure 52, an IPsec tunnel is required between Firewall A and Firewall B to protect data flows
between subnet 10.1.1.0/24 and subnet 10.1.2.0/24. Configure the tunnel to use the security protocol
ESP, the encryption algorithm DES, and the authentication algorithm SHA1-HMAC-96.
Figure 52 Network diagram for IPsec configuration
Configuration procedure
a. Configure Firewall A
# Define an ACL to identify data flows from subnet 10.1.1.0/24 to subnet 10.1.2.0/24.
<FirewallA> system-view
[FirewallA] acl number 3101
[FirewallA-acl-adv-3101] rule permit ip source 10.1.1.0 0.0.0.255 destination 10.1.2.0 0.0.0.255
[FirewallA-acl-adv-3101] quit
# Configure a static route to Host B.
[FirewallA] ip route-static 10.1.2.0 255.255.255.0 serial 2/1
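
The ACL above decides which traffic IPsec protects, so a wrong wildcard mask silently changes the protected flow. The following is an added example, not part of the HP guide: a Python check that the rule in ACL 3101 selects exactly the flow named in the network requirements, and that derives the rule with source and destination swapped for the return direction. The function names are hypothetical, only contiguous wildcard masks are handled, and using the swapped rule on the peer is an assumption of this example.

```python
import ipaddress
import re

# Constructed input: the rule from ACL 3101 above, on one line.
RULE_A = "rule permit ip source 10.1.1.0 0.0.0.255 destination 10.1.2.0 0.0.0.255"

RULE_RE = re.compile(
    r"rule\s+(permit|deny)\s+ip\s+source\s+(\S+)\s+(\S+)"
    r"\s+destination\s+(\S+)\s+(\S+)$"
)

def wildcard_to_network(addr, wildcard):
    """Turn 'address wildcard' into an IPv4Network (contiguous masks only)."""
    wc = int(ipaddress.IPv4Address(wildcard))
    # A contiguous wildcard is 2^n - 1, so wc & (wc + 1) must be zero.
    if wc & (wc + 1):
        raise ValueError(f"non-contiguous wildcard mask: {wildcard}")
    prefix = 32 - wc.bit_length()
    base = int(ipaddress.IPv4Address(addr)) & ~wc & 0xFFFFFFFF
    return ipaddress.IPv4Network((base, prefix))

def parse_rule(line):
    """Return (action, source network, destination network) for one rule."""
    m = RULE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unsupported rule: {line!r}")
    action, src, src_wc, dst, dst_wc = m.groups()
    return action, wildcard_to_network(src, src_wc), wildcard_to_network(dst, dst_wc)

def protects(line, src_cidr, dst_cidr):
    """True if the rule permits exactly the flow src_cidr -> dst_cidr."""
    action, src, dst = parse_rule(line)
    return (action == "permit"
            and src == ipaddress.ip_network(src_cidr)
            and dst == ipaddress.ip_network(dst_cidr))

def mirror_rule(line):
    """Same rule with source and destination swapped (return direction)."""
    action, src, dst = parse_rule(line)
    return (f"rule {action} ip source {dst.network_address} {dst.hostmask} "
            f"destination {src.network_address} {src.hostmask}")

if __name__ == "__main__":
    print(protects(RULE_A, "10.1.1.0/24", "10.1.2.0/24"))
    print(mirror_rule(RULE_A))
```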