HP 6125XLG R2306-HP 6125XLG Blade Switch Security Configuration Guide - Page 226
# Specify the remote IP address of the IPsec tunnel as 2.2.3.1.
[SwitchA-ipsec-policy-manual-map1-10] remote-address 2.2.3.1
# Configure inbound and outbound SPIs for ESP.
[SwitchA-ipsec-policy-manual-map1-10] sa spi outbound esp 12345
[SwitchA-ipsec-policy-manual-map1-10] sa spi inbound esp 54321
# Configure the inbound and outbound SA keys for ESP.
[SwitchA-ipsec-policy-manual-map1-10] sa string-key outbound esp simple abcdefg
[SwitchA-ipsec-policy-manual-map1-10] sa string-key inbound esp simple gfedcba
[SwitchA-ipsec-policy-manual-map1-10] quit
# Apply the IPsec policy map1 to interface VLAN-interface 1.
[SwitchA] interface vlan-interface 1
[SwitchA-Vlan-interface1] ipsec policy map1

2. Configure Switch B:

# Configure an IP address for VLAN-interface 1.
<SwitchB> system-view
[SwitchB] interface vlan-interface 1
[SwitchB-Vlan-interface1] ip address 2.2.3.1 255.255.255.0
[SwitchB-Vlan-interface1] quit
# Define an ACL to identify data flows between Switch B and Switch A.
[SwitchB] acl number 3101
[SwitchB-acl-adv-3101] rule 0 permit ip source 2.2.3.1 0 destination 2.2.2.1 0
[SwitchB-acl-adv-3101] quit
# Create an IPsec transform set named tran1.
[SwitchB] ipsec transform-set tran1
# Specify the encapsulation mode as tunnel.
[SwitchB-ipsec-transform-set-tran1] encapsulation-mode tunnel
# Specify the security protocol as ESP.
[SwitchB-ipsec-transform-set-tran1] protocol esp
# Specify the ESP encryption and authentication algorithms.
[SwitchB-ipsec-transform-set-tran1] esp encryption-algorithm aes-cbc-192
[SwitchB-ipsec-transform-set-tran1] esp authentication-algorithm sha1
[SwitchB-ipsec-transform-set-tran1] quit
# Create a manual IPsec policy entry, with the policy name use1 and sequence number 10.
[SwitchB] ipsec policy use1 10 manual
# Apply ACL 3101.
[SwitchB-ipsec-policy-manual-use1-10] security acl 3101
# Apply IPsec transform set tran1.
[SwitchB-ipsec-policy-manual-use1-10] transform-set tran1
# Specify the remote IP address of the IPsec tunnel as 2.2.2.1.
[SwitchB-ipsec-policy-manual-use1-10] remote-address 2.2.2.1
# Configure the inbound and outbound SPIs for ESP.
[SwitchB-ipsec-policy-manual-use1-10] sa spi outbound esp 54321
[SwitchB-ipsec-policy-manual-use1-10] sa spi inbound esp 12345
# Configure the inbound and outbound SA keys for ESP.
[SwitchB-ipsec-policy-manual-use1-10] sa string-key outbound esp simple gfedcba
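With manual SAs there is no negotiation to catch a typing mistake: each switch's outbound SPI and key must equal the peer's inbound ones, each remote-address must be the peer's interface address, and the two ACL rules must be mirror images. The Python check below is an added example, not part of the HP guide; the two sessions are constructed in the style of this page, the key strings are placeholders, and the function and parameter names are assumptions.

```python
import re

# Constructed sessions in the style of this page; key strings are placeholders.
SWITCH_A = """\
[SwitchA-Vlan-interface1] ip address 2.2.2.1 255.255.255.0
[SwitchA-acl-adv-3101] rule 0 permit ip source 2.2.2.1 0 destination 2.2.3.1 0
[SwitchA-ipsec-policy-manual-map1-10] remote-address 2.2.3.1
[SwitchA-ipsec-policy-manual-map1-10] sa spi outbound esp 12345
[SwitchA-ipsec-policy-manual-map1-10] sa spi inbound esp 54321
[SwitchA-ipsec-policy-manual-map1-10] sa string-key outbound esp simple KEY-A-TO-B
[SwitchA-ipsec-policy-manual-map1-10] sa string-key inbound esp simple KEY-B-TO-A
"""
SWITCH_B = """\
[SwitchB-Vlan-interface1] ip address 2.2.3.1 255.255.255.0
[SwitchB-acl-adv-3101] rule 0 permit ip source 2.2.3.1 0 destination 2.2.2.1 0
[SwitchB-ipsec-policy-manual-use1-10] remote-address 2.2.2.1
[SwitchB-ipsec-policy-manual-use1-10] sa spi outbound esp 54321
[SwitchB-ipsec-policy-manual-use1-10] sa spi inbound esp 12345
[SwitchB-ipsec-policy-manual-use1-10] sa string-key outbound esp simple KEY-B-TO-A
[SwitchB-ipsec-policy-manual-use1-10] sa string-key inbound esp simple KEY-A-TO-B
"""
PATTERNS = {  # parameter name -> command as typed, prompt removed
    "local": r"ip address (\S+) \S+$",
    "acl": r"rule \d+ permit ip source (\S+) \S+ destination (\S+) \S+$",
    "remote": r"remote-address (\S+)$",
    "spi_out": r"sa spi outbound esp (\d+)$",
    "spi_in": r"sa spi inbound esp (\d+)$",
    "key_out": r"sa string-key outbound esp \S+ (\S+)$",
    "key_in": r"sa string-key inbound esp \S+ (\S+)$",
}
# Each local parameter and the peer parameter it has to agree with.
MIRRORED = [("local", "remote"), ("spi_out", "spi_in"), ("key_out", "key_in"), ("acl", "acl")]

def parse(session):
    """Extract the manual-SA parameters from a pasted CLI session as tuples."""
    cfg = {}
    for line in session.splitlines():
        cmd = re.sub(r"^\s*[\[<][^\]>]*[\]>]\s*", "", line).strip()  # drop the prompt
        for name, pat in PATTERNS.items():
            if m := re.match(pat, cmd):
                cfg[name] = m.groups()
    return cfg

def mismatches(a, b):
    """List parameters that are missing or not mirrored; key values are never echoed."""
    # Reversing the peer tuple swaps ACL source/destination and leaves 1-tuples unchanged.
    return [f"{tag}: {x} does not mirror peer {y}"
            for this, peer, tag in ((a, b, "A"), (b, a, "B"))
            for x, y in MIRRORED
            if this.get(x) is None or this[x] != peer.get(y, ())[::-1]]
```

An empty list from `mismatches(parse(SWITCH_A), parse(SWITCH_B))` means the two sides agree; a session that stops before the inbound key is entered is reported as a `key_out`/`key_in` mismatch.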