R2511-HP MSR Router Series Security Configuration Guide(V5)

[RouterA-profile-profile_a] pki domain domain_b verify
[RouterA-profile-profile_a] pki domain domain_a sign
[RouterA-profile-profile_a] quit
7. Configure an IPsec policy that uses IKEv2.
[RouterA] ipsec policy map 1 isakmp
[RouterA-ipsec-policy-isakmp-map1-1] encapsulation-mode tunnel
[RouterA-ipsec-policy-isakmp-map1-1] security acl 3101
[RouterA-ipsec-policy-isakmp-map1-1] ikev2 profile profile_a
[RouterA-ipsec-policy-isakmp-map1-1] remote-address 2.2.2.2
[RouterA-ipsec-policy-isakmp-map1-1] local-address 1.1.1.1
[RouterA-ipsec-policy-isakmp-map1-1] transform-set transform_a
[RouterA-ipsec-policy-isakmp-map1-1] quit
8. Assign an IP address to interface Ethernet 1/2.
[RouterA] interface ethernet 1/2
[RouterA-Ethernet1/2] ip address 10.1.1.1 255.255.255.0
[RouterA-Ethernet1/2] quit
9. Assign an IP address to interface Ethernet 1/1.
[RouterA] interface ethernet 1/1
[RouterA-Ethernet1/1] ip address 1.1.1.1 255.255.0.0
10. Apply the IPsec policy group on interface Ethernet 1/1.
[RouterA-Ethernet1/1] ipsec policy map
[RouterA-Ethernet1/1] quit
11. Configure a static route to subnet 10.1.2.0/24.
[RouterA] ip route-static 10.1.2.0 255.255.255.0 2.2.2.2
Configuring the security gateway Router B
1. Configure PKI:
# Create PKI entity entity_a.
<RouterB> system-view
[RouterB] pki entity entity_a
[RouterB-pki-entity-entity_a] quit
# Configure PKI domain domain_a, the PKI domain used for certificate authentication.
[RouterB] pki domain domain_a
[RouterB-pki-domain-domain_a] certificate request entity entity_a
[RouterB-pki-domain-domain_a] crl check disable
[RouterB-pki-domain-domain_a] quit
# Import the CA certificate for certificate signing in offline mode.
[RouterB] pki import-certificate ca domain domain_a der filename aaa_ca.crt
Is the finger print correct?(Y/N):y
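The prompt above is the point where the router asks you to confirm the CA certificate's fingerprint before trusting it for peer authentication. As an added example that is not part of the HP guide, the following Python script computes the fingerprint of the same certificate file (aaa_ca.crt, in DER or PEM form) on an independent host so it can be compared with the value the CA operator published out of band; the sample bytes and the "published" value are constructed placeholders.

```python
import base64
import hashlib
import re

# Added example (not from the HP guide). Before answering "y" to the router's
# "Is the finger print correct?(Y/N)" prompt, compute the fingerprint of the
# same CA file (aaa_ca.crt) elsewhere and compare it with the value published
# out of band by the CA operator.

PEM_RE = re.compile(rb"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)


def to_der(cert_bytes: bytes) -> bytes:
    """Return DER bytes for a certificate supplied as DER or PEM."""
    # Fingerprints are taken over DER; a PEM file must be decoded first or the
    # hash will not match what the router displays.
    m = PEM_RE.search(cert_bytes)
    if m is None:
        return cert_bytes  # already binary DER
    return base64.b64decode(b"".join(m.group(1).split()))


def to_pem(der: bytes) -> bytes:
    """Wrap DER bytes in a PEM block (used here to build a sample input)."""
    return (b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(der)
            + b"-----END CERTIFICATE-----\n")


def fingerprint(cert_bytes: bytes, algo: str = "sha1") -> str:
    """Colon-separated uppercase hex digest of the DER certificate."""
    digest = hashlib.new(algo, to_der(cert_bytes)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def normalize(fp: str) -> str:
    """Reduce 'ab:cd', 'AB CD', 'abcd' ... to bare uppercase hex."""
    return re.sub(r"[^0-9A-F]", "", fp.upper())


def fingerprint_matches(cert_bytes: bytes, expected: str, algo: str = "sha1") -> bool:
    """True only if the out-of-band fingerprint equals the locally computed one."""
    return normalize(fingerprint(cert_bytes, algo)) == normalize(expected)


if __name__ == "__main__":
    # Constructed sample standing in for aaa_ca.crt; "published" is a placeholder
    # for the value the CA operator would hand over out of band.
    der = b"\x30\x82\x01\x00" + bytes(range(256))
    published = fingerprint(der)
    print("SHA1:", published)
    print("import?", "yes" if fingerprint_matches(to_pem(der), published) else "NO")
```

Only answer "y" at the router prompt when the locally computed value matches the published one; a mismatch means the file was altered in transit or is not the CA you expect.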
# Create PKI entity entity_b.
[RouterB] pki entity entity_b
[RouterB-pki-entity-entity_b] quit
# Configure PKI domain domain_b, the PKI domain used for certificate signing.
[RouterB] pki domain domain_b
[RouterB-pki-domain-domain_b] certificate request entity entity_b
[RouterB-pki-domain-domain_b] crl check disable