Manualshelf

R3721-F3210-F3171-HP High-End Firewalls VPN Configuration Guide-6PW101

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module
131132133134135136137138139140
130
Figure 92 Creating an IKE proposal numbered 10
3. Configur ing the IKE peer on Device B:
a. Select VPN > IKE > Peer from the navigation tree and then click Add.
The IKE peer configuration page appears, as shown in Figure 91.
b. Perform the following operations on the page:
Enter peer as the peer name.
Select Main as the negotiation mode.
Enter 1.1.1.1 as the remote gateway IP address.
Select Pre-Shared Key and enter abcde as the pre-shared key.
c. Click Apply.
After you complete the configuration, security gateways Device A and Device B can perform IKE
negotiation. Device A is configured with an IKE proposal numbered 10, which uses the authentication
algorithm of MD5; but Device B has only a default IKE proposal, which uses the default authentication
algorithm of SHA. Device B has no proposal matching proposal 10 of Device A, and the two devices
have only one pair of matched proposals, namely the default IKE proposals. The two devices do not need
to have the same ISAKMP SA lifetime; they will negotiate one.
Configuring IKE at the CLI
IKE configuration task list
Task Remarks
Configuring a name for the local security gateway Optional.
Configuring an IKE proposal
Required if you want to specify an IKE
proposal for an IKE peer to reference.
Configuring an IKE peer Required.
Setting keepalive timers Optional.
Setting the NAT keepalive timer Optional.