R21xx-HP FlexFabric 11900 Security Configuration Guide

maintaining, 35
packet exchange process, 7
real-time accounting timer (realtime-accounting), 34
scheme configuration, 29
scheme creation, 30
scheme VPN specification, 32
server quiet timer (quiet), 34
server response timeout timer (response-timeout), 34
shared keys specification, 32
SSH user local authentication+HWTACACS authorization+RADIUS accounting, 45
traffic statistics units, 33
troubleshooting, 55
username format, 33
IKE
aggressive mode in phase 1, 176
configuring global ID, 183
configuring IKE DPD, 185
configuring IKE keepalive, 184
configuring IKE keychain, 182
configuring IKE NAT keepalive, 184
configuring IKE-based IPsec policy, 161
configuring number limit for IKE SAs, 186
DH algorithm, 178
DH group, 181
DPD, 179
enabling invalid SPI recovery, 185
exchange, 176
keychain, 179
main mode configuration, 187
main mode in phase 1, 176
negotiation process, 176
PFS, 178
pre-shared key authentication, 177
profile, 179
SA, 153
SA lifetime, 181
security mechanism, 177
IKE-based IPsec policy
configuring by referencing IPsec policy template, 163
direct configuration, 162
IMC
RADIUS session-control feature configuration, 42
implementing
AAA for MPLS L3VPNs, 13
AAA HWTACACS, 7
AAA LDAP, 9
AAA on device, 11
AAA RADIUS, 2
ACL-based IPsec, 155
IPsec, 154
importing
peer host public key from file, 71
public key from file, 74
Internet Key Exchange. See IKE
IP
uRPF configuration, 139, 142, 143
IP addressing
ARP attack protection configuration, 123
ARP filtering configuration, 138
ARP gateway protection, 136
ARP user/packet validity check, 133
authorized ARP (DHCP relay agent), 130
LDAP server IP address configuration, 36
outgoing RADIUS packet source IP address, 26
RADIUS security policy server IP address configuration, 29
SSH SFTP client source IP address/interface, 87