R3303-HP 6600/HSR6600 Routers Security Configuration Guide
xii
Network requirements ········································································································································· 536
Configuration procedure ···································································································································· 536
Configuring FIPS······················································································································································ 537
Overview ······································································································································································· 537
FIPS self-tests ································································································································································· 537
Power-up self-tests ················································································································································ 537
Conditional self-tests ············································································································································ 538
Triggering a self-test ············································································································································ 538
Configuration changes in FIPS mode ························································································································· 538
Configuration considerations ······································································································································ 539
Enabling FIPS mode ····················································································································································· 539
Displaying and maintaining FIPS ······························································································································· 539
FIPS configuration example········································································································································· 540
Network requirements ········································································································································· 540
Configuration procedure ···································································································································· 540
Verifying the configuration ································································································································· 541
Configuring group domain VPN ···························································································································· 542
Overview ······································································································································································· 542
Group domain VPN structure ····························································································································· 542
Group domain VPN establishment ···················································································································· 543
KS redundancy ···················································································································································· 545
Protocols and standards ····································································································································· 546
Configuration restrictions and guidelines ·················································································································· 546
Configuring the GDOI KS ··········································································································································· 546
GDOI KS configuration task list ························································································································· 546
Configuring basic settings for a GDOI KS group ···························································································· 548
Configuring GDOI KS redundancy ··················································································································· 549
Specifying the source address for packets sent by the KS ·············································································· 550
Configuring rekey parameters ··························································································································· 551
Displaying and maintaining GDOI KS ·············································································································· 551
Configuring the GDOI GM ········································································································································· 552
GDOI GM configuration task list ······················································································································· 552
Configuring a GDOI GM group ························································································································ 552
Configuring a GDOI IPsec policy ······················································································································ 553
Applying a GDOI IPsec policy to an interface ································································································· 554
Displaying and maintaining GM ······················································································································· 554
Group domain VPN configuration example ············································································································· 555
Network requirements ········································································································································· 555
Configuration procedure ···································································································································· 556
Troubleshooting group domain VPN ························································································································· 570
IKE SA negotiation failure ·································································································································· 570
GM registration failure ······································································································································· 570
KS redundancy failure ········································································································································ 571
Support and other resources ·································································································································· 572
Contacting HP ······························································································································································ 572
Subscription service ············································································································································ 572
Related information ······················································································································································ 572
Documents ···························································································································································· 572
Websites ······························································································································································· 572
Conventions ·································································································································································· 573
Index ········································································································································································ 575