R3166-R3206-HP High-End Firewalls VPN Configuration Guide-6PW101
# Set the source interface of the tunnel to GigabitEthernet 0/2 on Tunnel 1.
[FirewallB-Tunnel1] source GigabitEthernet 0/2
# Apply IPsec profile btoa to tunnel interface Tunnel 1.
[FirewallB-Tunnel1] ipsec profile btoa
[FirewallB-Tunnel1] quit
# Configure a static route to Firewall A.
[FirewallB] ip route-static 172.17.17.0 255.255.255.0 tunnel 1
c. Verify the configuration
After the configuration, IKE negotiation is triggered to set up SAs when GigabitEthernet 0/2 on
Firewall A completes the dial-up process. If IKE negotiation succeeds and the SAs are set up, the IPsec
tunnel between Firewall A and Firewall B comes up and protects the packets traveling through it.
Use the display brief interface command on Firewall B to confirm that the link status of the IPsec tunnel
interface is up.
[FirewallB] display brief interface tunnel 1
The brief information of interface(s) under route mode:
Interface            Link      Protocol-link  Protocol type    Main IP
Tun1                 UP        UP             TUNNEL           10.1.1.2
Use the display ike sa command on Firewall B to confirm that the SAs of both phases are established.
[FirewallB] display ike sa
total phase-1 SAs: 1
    connection-id  peer            flag        phase   doi
  ----------------------------------------------------------
     2             1.1.1.2         RD            2     IPSEC
     1             1.1.1.2         RD            1     IPSEC
  flag meaning
  RD--READY ST--STAYALIVE RL--REPLACED FD--FADING TO--TIMEOUT
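The check described above can be automated when tunnel health is monitored from collected CLI output. The following is an added example, not part of the HP guide: it parses display ike sa output and reports whether a peer has a READY SA in both phases. The names parse_ike_sa and tunnel_problems are hypothetical, and the '|' separator for multiple flags is an assumption.

```python
import re

# One SA row: connection-id, peer, flag(s), phase, doi.
ROW = re.compile(
    r"^\s*(\d+)\s+(\d{1,3}(?:\.\d{1,3}){3})\s+(\S+)\s+([12])\s+(\S+)\s*$")
# Flags from the "flag meaning" legend that mean the SA is on its way out.
STALE = {"RL", "FD", "TO"}

def parse_ike_sa(text):
    """Return one dict per SA row found in 'display ike sa' output."""
    sas = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            conn, peer, flags, phase, doi = m.groups()
            # Assumption: when several flags are set they are joined by '|'.
            sas.append({"id": int(conn), "peer": peer, "doi": doi,
                        "flags": set(flags.split("|")), "phase": int(phase)})
    return sas

def tunnel_problems(text, peer):
    """List what is missing for `peer`; an empty list means both phases are READY."""
    sas = [sa for sa in parse_ike_sa(text) if sa["peer"] == peer]
    problems = []
    for phase in (1, 2):
        ready = [sa for sa in sas if sa["phase"] == phase
                 and "RD" in sa["flags"] and not sa["flags"] & STALE]
        if not ready:
            problems.append(f"no READY phase-{phase} SA for {peer}")
    return problems

# Output as shown in the verification step on this page.
SAMPLE_OK = """\
total phase-1 SAs: 1
connection-id peer flag phase doi
----------------------------------------------------------
2 1.1.1.2 RD 2 IPSEC
1 1.1.1.2 RD 1 IPSEC
"""
# Constructed sample: the phase-2 SA has timed out.
SAMPLE_BAD = SAMPLE_OK.replace("2 1.1.1.2 RD 2", "2 1.1.1.2 TO 2")

if __name__ == "__main__":
    for name, text in (("ok", SAMPLE_OK), ("bad", SAMPLE_BAD)):
        print(name, tunnel_problems(text, "1.1.1.2") or "both phases READY")
```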
You can also view the IPsec SA information.
[FirewallB] display ipsec sa
===============================
Interface: Tunnel1
path MTU: 1443
===============================
-----------------------------
IPsec policy name: "btoa"
sequence number: 1
mode: tunnel
-----------------------------
connection id: 3
encapsulation mode: tunnel
perfect forward secrecy:
tunnel:
local address: 1.1.1.1
remote address: 1.1.1.2
flow :