HP 10500 Series Configuration Manual page 10

Applying an IPsec policy group to an interface ······························································································· 309
Configuring the IPsec session idle timeout ········································································································ 309
Enabling ACL checking of de-encapsulated IPsec packets ············································································· 310
Configuring the IPsec anti-replay function ········································································································ 310
Configuring packet information pre-extraction ································································································ 311
Enabling invalid SPI recovery ···························································································································· 311
Displaying and maintaining IPsec ······························································································································ 312
IPsec configuration examples······································································································································ 312
IKE-based IPsec tunnel for IPv4 packets configuration example ····································································· 312
Configuring IKE ······················································································································································· 315
IKE overview ································································································································································· 315
IKE security mechanism ······································································································································· 315
IKE operation ······················································································································································· 315
IKE functions ························································································································································· 316
Relationship between IKE and IPsec ·················································································································· 317
Protocols and standards ····································································································································· 317
FIPS compliance ··························································································································································· 317
IKE configuration task list ············································································································································ 317
Configuring a name for the local security gateway ································································································· 318
Configuring an IKE proposal ······································································································································ 318
Configuring an IKE peer ·············································································································································· 319
Setting keepalive timers ··············································································································································· 321
Setting the NAT keepalive timer ································································································································· 321
Configuring a DPD detector ········································································································································ 322
Disabling next payload field checking ······················································································································ 322
Displaying and maintaining IKE ································································································································· 323
IKE configuration example ·········································································································································· 323
Troubleshooting IKE ····················································································································································· 326
Invalid user ID ······················································································································································ 326
Proposal mismatch ·············································································································································· 326
Failing to establish an IPsec tunnel ···················································································································· 327
ACL configuration error ······································································································································ 327
Support and other resources ·································································································································· 328
Contacting HP ······························································································································································ 328
Subscription service ············································································································································ 328
Related information ······················································································································································ 328
Documents ···························································································································································· 328
Websites ······························································································································································· 328
Conventions ·································································································································································· 329
Index ········································································································································································ 331
viii