R0106-HP MSR Router Series Security Configuration Guide(V7)

Transform set: ESP-ENCRYPT-AES-CBC-128 ESP-AUTH-SHA1
SA duration (kilobytes/sec): 1843200/3600
SA remaining duration (kilobytes/sec): 1843200/3484
Max received sequence-number:
UDP encapsulation used for NAT traversal: N
Status: active
# Display the IKE SA and IPsec SAs on Device B. (Details not shown.)
[DeviceB] display ike sa
[DeviceB] display ipsec sa
Aggressive mode with RSA signature authentication configuration example
This configuration example is not available when the device is operating in FIPS mode.
Network requirements
As shown in Figure 88, configure an IPsec tunnel that uses IKE negotiation between Device A and Device
B to secure the communication between subnet 10.1.1.0/24 and subnet 10.1.2.0/24.
Configure Device A and Device B to use aggressive mode for IKE negotiation phase 1 and use RSA
signature authentication. Device A acts as the initiator because the subnet where Device A resides is
dynamically allocated.
Figure 88 Network diagram
Configuration procedure
1. Configure Device A:
# Assign an IP address to each interface. (Details not shown.)
# Configure ACL 3101 to identify traffic from subnet 10.1.1.0/24 to subnet 10.1.2.0/24.
<DeviceA> system-view
[DeviceA] acl number 3101
[DeviceA-acl-adv-3101] rule permit ip source 10.1.1.0 0.0.0.255 destination 10.1.2.0 0.0.0.255
[DeviceA-acl-adv-3101] quit
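
The wildcard-mask matching that ACL 3101 relies on, modelled in Python as an added example (not part of the HP guide and not Comware code). It checks which packets the rule selects for IPsec protection and whether a peer rule is its mirror. RULE_B and RULE_NETMASK are constructed for illustration and are assumptions, not taken from this page.

```python
import ipaddress
import re

# Rule as entered on Device A (from the page).
RULE_A = "rule permit ip source 10.1.1.0 0.0.0.255 destination 10.1.2.0 0.0.0.255"
# Constructed: the mirrored rule assumed for the peer (Device B).
RULE_B = "rule permit ip source 10.1.2.0 0.0.0.255 destination 10.1.1.0 0.0.0.255"
# Constructed mistake: subnet masks typed where wildcard masks belong.
RULE_NETMASK = ("rule permit ip source 10.1.1.0 255.255.255.0 "
                "destination 10.1.2.0 255.255.255.0")

RULE_RE = re.compile(
    r"rule permit ip source (\S+) (\S+) destination (\S+) (\S+)$")


def parse_rule(text):
    """Return ((src_base, src_wildcard), (dst_base, dst_wildcard)) as ints."""
    m = RULE_RE.match(text.strip())
    if not m:
        raise ValueError(f"unsupported rule: {text!r}")
    v = [int(ipaddress.IPv4Address(g)) for g in m.groups()]
    return (v[0], v[1]), (v[2], v[3])


def wildcard_match(addr, base, wildcard):
    """Wildcard bits set to 1 are ignored; bits set to 0 must equal base."""
    care = ~wildcard & 0xFFFFFFFF
    return (addr & care) == (base & care)


def rule_selects(rule, src, dst):
    """True if a packet src -> dst is selected by the rule."""
    (sb, sw), (db, dw) = parse_rule(rule)
    s = int(ipaddress.IPv4Address(src))
    d = int(ipaddress.IPv4Address(dst))
    return wildcard_match(s, sb, sw) and wildcard_match(d, db, dw)


def is_mirror(rule_a, rule_b):
    """True if rule_b's source/destination are rule_a's, swapped."""
    a_src, a_dst = parse_rule(rule_a)
    b_src, b_dst = parse_rule(rule_b)
    # Compare only the bits each wildcard actually checks.
    norm = lambda p: (p[0] & ~p[1] & 0xFFFFFFFF, p[1])
    return norm(a_src) == norm(b_dst) and norm(a_dst) == norm(b_src)
```

With RULE_NETMASK the model selects 192.168.7.0 -> 172.16.9.0 but not 10.1.1.5 -> 10.1.2.9, which is why the inverted mask 0.0.0.255 is used for a /24.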