R3721-F3210-F3171-HP High-End Firewalls VPN Configuration Guide-6PW101

Select SHA1 as the ESP authentication algorithm.
Select DES as the ESP encryption algorithm.
Click Apply.
# Configure IKE peer peer.
Select VPN > IKE > Peer from the navigation tree and then click Add.
Enter peer as the peer name.
Select Main as the negotiation mode.
Enter 2.2.2.1 as the IP address of the remote gateway.
Select Pre-Shared Key and enter abcde as the pre-shared key.
Click Apply.
# Configure IPsec policy map1.
Select VPN > IPSec > Policy from the navigation tree and then click Add.
Enter map1 as the policy name.
Enter 10 as the sequence number.
Select the IKE peer of peer.
Select the IPsec proposal of tran1 and click <<.
Enter 3101 as the ACL.
Click Apply.
# Apply IPsec policy map1 to GigabitEthernet 0/1.
Select VPN > IPSec > IPSec Application from the navigation tree, and then click the icon of
interface GigabitEthernet 0/1.
Select the policy of map1.
Click Apply.
Verifying the configuration
After you complete the configuration, packets exchanged between subnet 10.1.1.0/24 and subnet
10.1.2.0/24 trigger the negotiation of SAs by IKE. After IKE negotiation succeeds and the IPsec SAs are
established, a static route to subnet 10.1.2.0/24 via 2.2.2.2 is added to the routing table on Device A,
and traffic between subnet 10.1.1.0/24 and subnet 10.1.2.0/24 is protected by IPsec.
Manual mode IPsec tunnel for IPv4 packets configuration example at the CLI
Network requirements
As shown in Figure 127, configure an IPsec tunnel between Firewall A and Firewall B to protect data flows
between subnet 10.1.1.0/24 and subnet 10.1.2.0/24. Configure the tunnel to use the security protocol
ESP, the encryption algorithm DES, and the authentication algorithm SHA1-HMAC-96.
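
What the SHA1-HMAC-96 authentication algorithm named above does to each ESP packet, shown as an added Python example that is not part of the HP guide: the sender appends the first 96 bits of an HMAC-SHA1 computed over the SPI, sequence number and encrypted payload, and the receiver recomputes and compares it. The SPI, key and payload bytes are constructed sample values, and the DES-encrypted payload is represented by opaque bytes.

```python
import hashlib
import hmac
import struct

ICV_LEN = 12  # HMAC-SHA1-96: first 96 bits of the 160-bit HMAC-SHA1 output


def esp_icv(auth_key: bytes, spi: int, seq: int, iv_and_ciphertext: bytes) -> bytes:
    """ICV over the ESP header (SPI, sequence number) and the encrypted payload."""
    header = struct.pack("!II", spi, seq)
    full = hmac.new(auth_key, header + iv_and_ciphertext, hashlib.sha1).digest()
    return full[:ICV_LEN]


def build_esp(auth_key: bytes, spi: int, seq: int, iv_and_ciphertext: bytes) -> bytes:
    """Sender side: ESP header + encrypted payload + 12-byte ICV."""
    body = struct.pack("!II", spi, seq) + iv_and_ciphertext
    return body + esp_icv(auth_key, spi, seq, iv_and_ciphertext)


def verify_esp(auth_key: bytes, expected_spi: int, packet: bytes) -> bool:
    """Receiver side: match the SA by SPI, then compare the ICV in constant time."""
    if len(packet) < 8 + ICV_LEN:
        return False  # too short to hold an ESP header and an ICV
    spi, seq = struct.unpack("!II", packet[:8])
    if spi != expected_spi:
        return False  # no SA for this SPI
    payload, icv = packet[8:-ICV_LEN], packet[-ICV_LEN:]
    return hmac.compare_digest(icv, esp_icv(auth_key, spi, seq, payload))


def demo():
    """Constructed sample: one valid packet, one tampered copy, one wrong key."""
    key = bytes(range(20))             # constructed 160-bit authentication key
    spi = 12345                        # constructed SPI
    payload = bytes(8) + b"\xaa" * 16  # 8-byte IV + two 8-byte DES blocks (opaque)
    pkt = build_esp(key, spi, 1, payload)
    tampered = bytearray(pkt)
    tampered[10] ^= 0x01               # flip one bit inside the encrypted payload
    return (
        len(pkt),
        verify_esp(key, spi, pkt),
        verify_esp(key, spi, bytes(tampered)),
        verify_esp(b"\x00" * 20, spi, pkt),
    )


if __name__ == "__main__":
    print(demo())
```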