HP 6125XLG R2306-HP 6125XLG Blade Switch Security Configuration Guide - Page 219
settings of the negotiation initiator. When the remote end's information such as the IP address is
View all HP 6125XLG manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 219 highlights
settings of the negotiation initiator. When the remote end's information (such as the IP address) is unknown, the IPsec policy configured by using this method allows the remote end to initiate negotiations with the local end. To configure an IKE-based IPsec policy by referencing an IPsec policy template: Step 1. Enter system view. Command system-view Remarks N/A 2. Create an IPsec policy template and enter its view. ipsec { ipv6-policy-template | policy-template } template-name seq-number 3. (Optional.) Configure a description for the IPsec policy description text template. By default, no IPsec policy template exists. By default, no description is configured. By default, no ACL is specified for 4. (Optional.) Specify an ACL for security acl [ ipv6 ] { acl-number | the IPsec policy template. the IPsec policy template. name acl-name } [ aggregation | per-host ] An IPsec policy template can reference only one ACL. 5. Specify the IPsec transform sets for the IPsec policy template to reference. transform-set transform-set-name& By default, the IPsec policy template references no IPsec transform set. 6. Specify the IKE profile for the IPsec policy template to ike-profile profile-name reference. By default, the IPsec policy template references no IKE profile. An IPsec policy template can reference only one IKE profile and it cannot reference any IKE profile that is already referenced by other IPsec policy templates or IPsec policies. For more information about IKE profiles, see "Configuring IKE." By default, the local IPv4 address of IPsec tunnel is the primary IPv4 address of the interface to which the IPsec policy is applied, and the local IPv4 address of the IPsec 7. (Optional.) Specify the local local-address { ipv4-address | ipv6 tunnel is the first IPv6 address of the IP address of the IPsec tunnel. ipv6-address } interface to which the IPsec policy is applied. The local IP address specified by this command must be the same as the IP address used as the local IKE identity. 8. (Optional.) Specify the remote remote-address { [ ipv6 ] IP address of the IPsec tunnel. host-name | ipv4-address | ipv6 ipv6-address } By default, the remote IP address of the IPsec tunnel is not specified. 9. Configure the IPsec SA lifetime. sa duration { time-based seconds | By default, the global SA lifetime traffic-based kilobytes } settings are used. 210