HP MSR2000/3000/4000 Router Series Security Configuration Guide

To configure SNMP notifications for IKE:
Step 1. Enter system view.
    Command: system-view
    Remarks: N/A

Step 2. Enable SNMP notifications for IKE globally.
    Command: snmp-agent trap enable ike global
    Remarks: By default, SNMP notifications for IKE are enabled.

Step 3. Enable SNMP notifications for the specified type of failures or events.
    Command: snmp-agent trap enable ike [ attr-not-support | auth-failure | cert-type-unsupport | cert-unavailable | decrypt-failure | encrypt-failure | invalid-cert-auth | invalid-cookie | invalid-id | invalid-proposal | invalid-protocol | invalid-sign | no-sa-failure | proposal-add | proposal-delete | tunnel-start | tunnel-stop | unsupport-exch-type ] *
    Remarks: By default, SNMP notifications for all types of failures and events are enabled.

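As an added example (not part of HP's guide), the following Python check reads a saved configuration and reports which IKE notification types from the command above have been turned off, so that a silently disabled failure notification is noticed. It assumes that disabled types appear in the configuration as "undo snmp-agent trap enable ike ..." lines and that a command with no keyword applies to all types; the REQUIRED set and the sample configuration are constructed for illustration.

```python
import re

# Notification keywords exactly as listed in the command syntax above.
IKE_TRAP_TYPES = {
    "attr-not-support", "auth-failure", "cert-type-unsupport",
    "cert-unavailable", "decrypt-failure", "encrypt-failure",
    "invalid-cert-auth", "invalid-cookie", "invalid-id", "invalid-proposal",
    "invalid-protocol", "invalid-sign", "no-sa-failure", "proposal-add",
    "proposal-delete", "tunnel-start", "tunnel-stop", "unsupport-exch-type",
}
# Assumption: the types this site treats as mandatory for detection.
REQUIRED = {"auth-failure", "invalid-cert-auth", "invalid-sign", "invalid-id"}
# Assumed form of a disabled notification in saved config: leading "undo".
LINE_RE = re.compile(r"^\s*(undo\s+)?snmp-agent\s+trap\s+enable\s+ike(\s.*)?$")

# Constructed sample configuration (note the misspelled keyword on line 2).
SAMPLE_CONFIG = """\
sysname DeviceA
 undo snmp-agent trap enable ike auth-failure invalid-proposl
 snmp-agent trap enable ike global
 undo snmp-agent trap enable ike tunnel-start tunnel-stop
"""

def audit_ike_traps(config_text, required=REQUIRED):
    """Return (global_enabled, disabled_types, unknown_keywords, missing_required)."""
    global_on = True               # default per the guide: enabled
    enabled = set(IKE_TRAP_TYPES)  # default per the guide: all types enabled
    unknown = set()
    for line in config_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        undo, words = bool(m.group(1)), (m.group(2) or "").split()
        if words == ["global"]:
            global_on = not undo
            continue
        # Assumption: a command with no keyword applies to every type.
        targets = set(words) if words else set(IKE_TRAP_TYPES)
        unknown |= targets - IKE_TRAP_TYPES   # typos or unsupported keywords
        targets &= IKE_TRAP_TYPES
        enabled = enabled - targets if undo else enabled | targets
    disabled = IKE_TRAP_TYPES - enabled
    # With the global switch off, no required notification is delivered.
    missing = set(required) if not global_on else set(required) & disabled
    return global_on, disabled, unknown, missing
```

For SAMPLE_CONFIG the function reports auth-failure as a missing required notification and flags the misspelled keyword as unknown.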
Displaying and maintaining IKE
Execute display commands in any view and reset commands in user view.

Task: Display configuration information about all IKE proposals.
    Command: display ike proposal

Task: Display information about the current IKE SAs.
    Command: display ike sa [ verbose [ connection-id connection-id | remote-address [ ipv6 ] remote-address [ vpn-instance vpn-name ] ] ]

Task: Delete IKE SAs.
    Command: reset ike sa [ connection-id connection-id ]

Task: Clear IKE statistics.
    Command: reset ike statistics

IKE configuration examples
Main mode IKE with pre-shared key authentication configuration example
Network requirements
As shown in Figure 51, configure an IPsec tunnel that uses IKE negotiation between Device A and Device B to secure the communication between subnet 10.1.1.0/24 and subnet 10.1.2.0/24.
Configure Device A and Device B to use the default IKE proposal for the IKE negotiation to set up the IPsec SAs. Configure the two devices to use the pre-shared key authentication method for IKE negotiation phase 1.