Manualshelf

HP VPN Firewall Appliances VPN Configuration Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
141142143144145146147148149150
133
[Router-Dialer0] quit
# Configure a static route to the headquarters LAN.
[Router] ip route-static 172.16.0.0 255.255.255.0 dialer 0
# Configure interface GigabitEthernet 0/1.
[Router] interface gigabitethernet 0/1
[Router-GigabitEthernet0/1] tcp mss 1450
[Router-GigabitEthernet0/1] ip address 192.168.0.1 255.255.255.0
[Router-GigabitEthernet0/1] quit
# Create a virtual Ethernet interface, and create a PPPoE session that uses dialer bundle 1 on the
interface.
[Router] interface virtual-ethernet 0
[Router-Virtual-Ethernet0] pppoe-client dial-bundle-number 1
[Router-Virtual-Ethernet0] mac-address 0011-0022-0012
# Map the virtual Ethernet interface to a PVC on interface ATM 1/0.
[Router] interface atm 1/0
[Router-Atm1/0] pvc 0/100
[Router-atm-pvc-Atm1/0-0/100] map bridge virtual-ethernet 0
[FirewallB-atm-pvc-Atm1/0-0/100] quit
Troubleshooting IKE
When you configure parameters to establish an IPsec tunnel, enable IKE error debugging to locate
configuration problems:
<Firewall> debugging ike error
Invalid user ID
Symptom
Invalid user ID.
Analysis
In IPsec, user IDs identify IPsec tunnels for different data flows. In HP implementation of IPsec, a user ID
comprises an IP address and a username.
The following is the debugging information:
got NOTIFY of type INVALID_ID_INFORMATION
Or
drop message from A.B.C.D due to notification type INVALID_ID_INFORMATION
Solution
Verify that the ACLs in the IPsec policies configured on the interfaces at both ends are correct and mirror
each other. For more information about ACL configuration, see "Configuring IPsec."