R2511-HP MSR Router Series Security Configuration Guide(V5)

-----------------------------
IPsec policy name: "map1"
sequence number: 10
acl version: ACL4
mode: isakmp
-----------------------------
PFS: N, DH group: none
tunnel:
local address: 1.1.1.1
remote address: 3.3.3.3
flow :
sour addr: 10.1.1.0/255.255.255.0 port: 0 protocol: IP
dest addr: 10.1.2.0/255.255.255.0 port: 0 protocol: IP
Configuring IPsec with IPsec tunnel interfaces
Network requirements
As shown in Figure 59, the branch gateway accesses the Internet through a dial-up line and obtains
its IP address dynamically. The headquarters accesses the Internet by using a fixed IP address.
Configure an IPsec tunnel to protect the traffic between the branch and the headquarters. Make sure that
the IPsec configuration of the headquarters' gateway remains relatively stable despite changes to the
branch's private IP address segment.
Figure 59 Network diagram
Configuration considerations
Configure an IPsec tunnel interface on each router, and configure a static route on each router to route
packets destined for the peer to the IPsec tunnel interface for IPsec protection.
Configuration procedure
1. Configure Router A:
# Name the local gateway routera.
<RouterA> system-view
[RouterA] ike local-name routera
# Configure an IKE peer named atob. Because the local peer obtains its IP address automatically, set
the IKE negotiation mode to aggressive.