HP VPN Firewall Appliances VPN Configuration Guide

Task: Display IKE proposal information.
Command: display ike proposal [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view.

Task: Clear SAs established by IKE.
Command: reset ike sa [ connection-id | active | standby ]
Remarks: Available in user view.
Configuring main mode IKE with pre-shared key authentication
Network requirements
As shown in Figure 92, configure an IPsec tunnel that uses IKE negotiation between Firewall A and
Firewall B to secure the communication between subnet 10.1.1.0/24 and subnet 10.1.2.0/24.
For Firewall A, configure an IKE proposal that uses the sequence number 10 and the authentication
algorithm MD5. Leave Firewall B with only the default IKE proposal. Configure the two firewalls to use the
pre-shared key authentication method.
Figure 92 Network diagram
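The requirements above select MD5 for the IKE proposal, and the transform set in the procedure uses DES for ESP encryption. The following Python check is an added example, not part of the HP guide: it scans a CLI transcript in the prompt format this guide uses and reports lines that select those legacy algorithms. The `WEAK` list, the `audit` function and the `ike-proposal-10` sample line are assumptions of this example.

```python
import re

# Algorithms this example treats as legacy (assumption of the example):
# DES has a 56-bit key; MD5 is deprecated for IKE/IPsec integrity.
WEAK = {"des": "56-bit key", "md5": "deprecated hash"}

# Matches "[Device-view] [esp|ah] <kind>-algorithm <alg>" in a CLI transcript.
# Assumes the device name itself contains no hyphen.
LINE = re.compile(
    r"^\[(?P<device>[^\]\s-]+)(?:-(?P<view>[^\]]+))?\]\s+"
    r"(?:(?P<proto>esp|ah)\s+)?"
    r"(?P<kind>encryption|authentication)-algorithm\s+(?P<alg>\S+)",
    re.IGNORECASE,
)

def audit(transcript):
    """Return one finding dict per weak-algorithm line, in input order."""
    findings = []
    for lineno, raw in enumerate(transcript.splitlines(), start=1):
        m = LINE.match(raw.strip())
        if not m:
            continue  # comment lines and commands that set no algorithm
        alg = m.group("alg").lower()
        if alg in WEAK:
            findings.append({
                "line": lineno,
                "device": m.group("device"),
                "view": m.group("view") or "system",
                "kind": m.group("kind").lower(),
                "algorithm": alg,
                "reason": WEAK[alg],
            })
    return findings

# Constructed sample: the two esp lines come from the procedure in this guide;
# the ike-proposal line is an assumed rendering of the "MD5" requirement.
SAMPLE = """\
# Create IPsec transform set tran1.
[FirewallA] ipsec transform-set tran1
[FirewallA-ipsec-transform-set-tran1] esp encryption-algorithm des
[FirewallA-ipsec-transform-set-tran1] esp authentication-algorithm sha1
[FirewallA-ike-proposal-10] authentication-algorithm md5
"""

if __name__ == "__main__":
    for f in audit(SAMPLE):
        print("{line}: {device} [{view}] {kind}-algorithm {algorithm} ({reason})".format(**f))
```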
Configuration procedure
1. Make sure that Firewall A and Firewall B can reach each other.
2. Configure Firewall A:
# Configure ACL 3101 to identify traffic from subnet 10.1.1.0/24 to subnet 10.1.2.0/24.
<FirewallA> system-view
[FirewallA] acl number 3101
[FirewallA-acl-adv-3101] rule permit ip source 10.1.1.0 0.0.0.255 destination 10.1.2.0 0.0.0.255
[FirewallA-acl-adv-3101] quit
# Create IPsec transform set tran1.
[FirewallA] ipsec transform-set tran1
# Set the packet encapsulation mode to tunnel.
[FirewallA-ipsec-transform-set-tran1] encapsulation-mode tunnel
# Use security protocol ESP.
[FirewallA-ipsec-transform-set-tran1] transform esp
# Specify encryption and authentication algorithms.
[FirewallA-ipsec-transform-set-tran1] esp encryption-algorithm des
[FirewallA-ipsec-transform-set-tran1] esp authentication-algorithm sha1