R3721-F3210-F3171-HP High-End Firewalls VPN Command Reference-6PW101

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module

101

102

103

104

105

106

107

108

109

110

[Sysname] ipsec policy 1 1 isakmp

[Sysname-ipsec-policy-isakmp-1-1] reverse-route remote-peer 1.1.1.3 static

[Sysname-ipsec-policy-isakmp-1-1] quit

# Display the routing table. You can see that IPsec RRI has created the static route. (Other routes are not

shown.)

[Sysname] display ip routing-table

...

Destination/Mask Proto Pre Cost NextHop Interface

3.0.0.0/24 Static 60 0 1.1.1.3 GE0/1

# Configure dynamic IPsec RRI to create static routes based on IPsec SAs. Take the peer private network

as the destination and the remote tunnel endpoint 1.1.1.2 as the next hop.

[Sysname] ipsec policy 1 1 isakmp

[Sysname-ipsec-policy-isakmp-1-1] reverse-route

[Sysname-ipsec-policy-isakmp-1-1] quit

# Display the routing table. The expected route appears in the table after the IPsec SA negotiation

succeeds. (Other routes are not shown.)

[Sysname] display ip routing-table

...

Destination/Mask Proto Pre Cost NextHop Interface

3.0.0.0/24 Static 60 0 1.1.1.2 GE0/1

# Configure dynamic IPsec RRI to create static routes based on IPsec SAs. Take 1.1.1.3 as the next hop.

[Sysname] ipsec policy 1 1 isakmp

[Sysname-ipsec-policy-isakmp-1-1] reverse-route remote-peer 1.1.1.3

[Sysname-ipsec-policy-isakmp-1-1] quit

# Display the routing table. The expected route appears in the routing table after the IPsec SA negotiation

succeeds. (Other routes are not shown.)

[Sysname] display ip routing-table

...

Destination/Mask Proto Pre Cost NextHop Interface

3.0.0.0/24 Static 60 0 1.1.1.3 GE0/1

# Configure dynamic IPsec RRI to create two static routes based on an IPsec SA: one to the peer private

network 3.0.0.0/24 via the remote tunnel endpoint 1.1.1.2, and the other to the remote tunnel endpoint

vi a 1.1.1. 3.

[Sysname]ipsec policy 1 1 isakmp

[Sysname-ipsec-policy-isakmp-1-1] reverse-route remote-peer 1.1.1.3 gateway

# Display the routing table. The expected routes appear in the routing table after the IPsec SA negotiation

succeeds. (Other routes are not shown.)

[Sysname] display ip routing-table

...

Destination/Mask Proto Pre Cost NextHop Interface

1.1.1.2/32 Static 60 0 1.1.1.3 GE0/1

3.0.0.0/24 Static 60 0 1.1.1.2 GE0/1