HP 6125XLG R2306-HP 6125XLG Blade Switch Security Configuration Guide - Page 261
implementing ACL-based IPsec, IPv4 source guard
View all HP 6125XLG manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 261 highlights
configuring IKE-based tunnel for IPv4 packets, 218 configuring manual policy, 206 configuring manual tunnel for IPv4 packets, 216 configuring transform set, 204 displaying, 215 enabling ACL checking for de-encapsulated IPsec packets, 212 enabling logging of IPsec packets, 214 enabling QoS pre-classify, 213 encapsulation modes, 198 encryption, 200 IKE, 222 IKE configuration, 224 IKE negotiation failure (no proposal or keychain referenced correctly), 236 IKE negotiation failure troubleshooting (no proposal match), 235 IKE negotiation process, 222 IKE security mechanism, 223 IKE troubleshooting, 235 implementation, 201 implementing ACL-based IPsec, 202 keywords in ACL rules, 203 maintaining, 215 mirror image ACLs, 204 protocols and standards, 202 SA, 200 SA negotiation failure (invalid identity info), 237 SA negotiation failure (no transform set match), 236 security protocols, 198 tunnel establishment, 202 IPsec policy applying, 211 binding to source interface, 213 configuration (IKE mode), 207 configuration (manual mode), 206 IPsec policy template configuring IKE-based IPsec policy, 209 IPsec transform set configuration, 204 IPsec tunnel configuring for IPv4 packets (IKE mode), 218 configuring for IPv4 packets (manual mode), 216 IPv4 configuring IKE-based IPsec tunnel, 218 configuring manual IPsec tunnel, 216 IPv4 source guard configuration, 161, 162, 162 displaying, 165 dynamic binding entries, 162 dynamic configuration with DHCP relay, 169 dynamic configuration with DHCP snooping, 167 maintaining, 165 on interface, 162 static binding entries, 161 static configuration, 165 static entry on interface, 163 IPv6 source guard configuration, 161, 162, 164 displaying, 165 maintaining, 165 on interface, 164 static binding entries, 161 static configuration, 170 static entry on interface, 164 ISAKMP, 222, See also IKE ISP AAA implementation, 11 AAA ISP domain accounting methods configuration, 43 AAA ISP domain authentication methods configuration, 41 AAA ISP domain authorization methods configuration, 42 AAA ISP domain creation, 40 AAA ISP domain methods configuration, 40 AAA ISP domain status configuration, 41 K key modulus creating local key pair, 116 key pair security SSH DSA host key pair, 127 security SSH RSA host key pair, 127 security SSH RSA server key pair, 127 L LAN 802.1X overview, 59 252