R0106-HP MSR Router Series Security Configuration Guide(V7)

Task                      Command
Clear IPsec SAs.          reset ipsec sa [ { ipv6-policy | policy } policy-name [ seq-number ] | profile policy-name | remote { ipv4-address | ipv6 ipv6-address } | spi { ipv4-address | ipv6 ipv6-address } { ah | esp } spi-num ]
Clear IPsec statistics.   reset ipsec statistics [ tunnel-id tunnel-id ]
IPsec configuration examples
Configuring a manual mode IPsec tunnel for IPv4 packets
Network requirements
As shown in Figure 80, establish an IPsec tunnel between Router A and Router B to protect data flows between subnet 10.1.1.0/24 and subnet 10.1.2.0/24. Configure the tunnel as follows:
• Specify the encapsulation mode as tunnel, the security protocol as ESP, the encryption algorithm as 128-bit AES, and the authentication algorithm as HMAC-SHA1.
• Manually set up IPsec SAs.
Figure 80 Network diagram
Configuration procedure
1. Configure Router A:
# Configure IP addresses for interfaces. (Details not shown.)
# Configure an ACL to identify data flows from subnet 10.1.1.0/24 to subnet 10.1.2.0/24.
<RouterA> system-view
[RouterA] acl number 3101
[RouterA-acl-adv-3101] rule permit ip source 10.1.1.0 0.0.0.255 destination 10.1.2.0 0.0.0.255
[RouterA-acl-adv-3101] quit
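The ACL above is the selector that decides which flows the IPsec policy protects; the following Python model, added here and not part of the HP guide, parses rules of the same form as ACL 3101, reports whether a given flow is selected, and derives the mirrored rule the peer needs. The helper names (parse_rule, flow_matches, mirror_rule) are assumptions for this illustration.

```python
"""Model of how the advanced ACL in this example selects flows for IPsec.

Added example, not from the HP/Comware guide; parse_rule, flow_matches and
mirror_rule are hypothetical helper names.
"""
import ipaddress
import re

RULE_RE = re.compile(
    r"rule\s+(?:\d+\s+)?(permit|deny)\s+ip\s+source\s+(\S+)\s+(\S+)\s+destination\s+(\S+)\s+(\S+)"
)


def wildcard_to_network(addr, wildcard):
    """An ACL wildcard mask is the inverse of a subnet mask: 0.0.0.255 is a /24."""
    mask = 0xFFFFFFFF ^ int(ipaddress.IPv4Address(wildcard))
    prefixlen = bin(mask).count("1")
    if mask != (0xFFFFFFFF << (32 - prefixlen)) & 0xFFFFFFFF:
        raise ValueError("non-contiguous wildcard %s is not one subnet" % wildcard)
    return ipaddress.IPv4Network((int(ipaddress.IPv4Address(addr)) & mask, prefixlen))


def parse_rule(line):
    """Return (action, source network, destination network) for one rule line."""
    m = RULE_RE.search(line)
    if m is None:
        raise ValueError("not an advanced IPv4 rule: %r" % line)
    action, src, src_wc, dst, dst_wc = m.groups()
    return action, wildcard_to_network(src, src_wc), wildcard_to_network(dst, dst_wc)


def flow_matches(rules, src_ip, dst_ip):
    """First matching rule wins: 'permit' selects the flow for IPsec; 'deny' or None leaves it unprotected."""
    src, dst = ipaddress.IPv4Address(src_ip), ipaddress.IPv4Address(dst_ip)
    for action, src_net, dst_net in rules:
        if src in src_net and dst in dst_net:
            return action
    return None


def mirror_rule(rule):
    """The peer's ACL must describe the same flows with source and destination swapped."""
    action, src_net, dst_net = rule
    return action, dst_net, src_net


# Constructed input: ACL 3101 exactly as entered on Router A above.
ROUTER_A_ACL = [parse_rule(
    "rule permit ip source 10.1.1.0 0.0.0.255 destination 10.1.2.0 0.0.0.255")]
```

A flow from 10.1.1.10 to 10.1.3.20 returns None: it is outside the selector, so it is routed normally rather than through the tunnel.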
# Configure a static route to Host B. The command uses the direct next hop address (2.2.2.3) as an example.
[RouterA] ip route-static 10.1.2.0 255.255.255.0 gigabitethernet 2/1/2 2.2.2.3
# Create an IPsec transform set named tran1.
[RouterA] ipsec transform-set tran1