R3102-R3103-HP 6600/HSR6600 Routers Security Configuration Guide
IKE operation
IKE functions
Relationship between IKE and IPsec
Protocols and standards
FIPS compliance
IKE configuration task list
Configuring a name for the local security gateway
Configuring an IKE proposal
Configuring an IKE peer
Setting keepalive timers
Setting the NAT keepalive timer
Configuring a DPD detector
Disabling next payload field checking
Displaying and maintaining IKE
IKE configuration examples
Configuring main mode IKE with pre-shared key authentication
Configuring aggressive mode IKE with NAT traversal
Troubleshooting IKE
Invalid user ID
Proposal mismatch
Failing to establish an IPsec tunnel
ACL configuration error
Configuring SSH
Overview
How SSH works
SSH authentication
SSH support for MPLS L3VPN
FIPS compliance
Configuring the device as an SSH server
SSH server configuration task list
Generating local DSA or RSA key pairs
Enabling the SSH server function
Enabling the SFTP server function
Configuring the user interfaces for SSH clients
Configuring a client's host public key
Configuring an SSH user
Setting the SSH management parameters
Configuring the device as an Stelnet client
Stelnet client configuration task list
Specifying a source IP address or source interface for the Stelnet client
Enabling and disabling first-time authentication
Establishing a connection to an Stelnet server
Configuring the device as an SFTP client
SFTP client configuration task list
Specifying a source IP address or source interface for the SFTP client
Establishing a connection to an SFTP server
Working with SFTP directories
Working with SFTP files
Displaying help information
Terminating the connection with the SFTP server
Configuring the device as an SCP client
SCP client configuration task list
Transferring files with an SCP server
Displaying and maintaining SSH










