R2511-HP MSR Router Series Security Configuration Guide(V5)

  Configuring IPsec for IPv6 routing protocols
  Displaying and maintaining IPsec
  IPsec configuration examples
    Configuring manual mode IPsec tunnel
    Configuring IKE-based IPsec tunnel
    Configuring encryption cards for IPsec services
    Configuring IPsec interface backup
    Configuring IPsec with IPsec tunnel interfaces
    Configuring IPsec for RIPng
    Configuring IPsec RRI
Configuring IKE
  Overview
    IKE security mechanism
    IKE operation
    IKE functions
    Relationship between IKE and IPsec
    Protocols and standards
  FIPS compliance
  IKE configuration task list
  Configuring a name for the local security gateway
  Configuring an IKE proposal
  Configuring an IKE peer
  Setting keepalive timers
  Setting the NAT keepalive timer
  Configuring a DPD detector
  Disabling next payload field checking
  Displaying and maintaining IKE
  IKE configuration examples
    Configuring main mode IKE with pre-shared key authentication
    Configuring aggressive mode IKE with NAT traversal
  Troubleshooting IKE
    Invalid user ID
    Proposal mismatch
    Failed to establish an IPsec tunnel
    ACL configuration error
Configuring IKEv2
  Overview
    New features in IKEv2
    Protocols and standards
  IKEv2 configuration task list
  Configuring global IKEv2 parameters
    Configuring the cookie challenging function
    Configuring the IKEv2 DPD function
    Setting limits on the number of IKEv2 SAs
    Configuring an address pool for assigning addresses to initiators
  Configuring an IKEv2 proposal
  Configuring an IKEv2 policy
  Configuring an IKEv2 keyring
  Configuring an IKEv2 profile
  Displaying and maintaining IKEv2
  IKEv2 configuration examples
    Configuring IKEv2 pre-shared key authentication
    Configuring IKEv2 certificate authentication