Configuring Snmp Notifications For Ipsec - HP FlexNetwork 10500 Series Security Configuration Manual
Hide thumbs
Also See for FlexNetwork 10500 Series:
- Configuration manual (512 pages) ,
- Specifications (42 pages) ,
- Datasheet (20 pages)
Table of Contents
Advertisement
the scope consists of directly-connected neighbors or a RIPng process. For BGP, the scope
consists of BGP peers or a BGP peer group.
•
The keys for the IPsec SAs at the two tunnel ends must be configured in the same format. For
example, if the key at one end is entered as a string of characters, the key on the other end
must also be entered as a string of characters.
To configure a manual IPsec profile:
Step
1.
Enter system view.
2.
Create a manual IPsec
profile and enter its view.
3.
(Optional.) Configure a
description for the IPsec
profile.
4.
Specify an IPsec
transform set.
5.
Configure an SPI for an
SA.
6.
Configure keys for the
IPsec SA.
Configuring SNMP notifications for IPsec
After you enable SNMP notifications for IPsec, the IPsec module notifies the NMS of important
module events. The notifications are sent to the device's SNMP module. You can configure the
notification transmission parameters for the SNMP module to specify how the SNMP module
Command
system-view
ipsec profile profile-name manual
description text
transform-set transform-set-name
sa spi { inbound | outbound } { ah |
esp } spi-number
•
Configure an authentication key
in hexadecimal format for AH:
sa hex-key authentication
{ inbound | outbound } ah
{ cipher | simple } key-value
•
Configure an authentication key
in character format for AH:
sa string-key { inbound |
outbound } ah { cipher |
simple } key-value
•
Configure a key in character
format for ESP:
sa string-key { inbound |
outbound } esp [ cipher |
simple ] key-value
•
Configure an authentication key
in hexadecimal format for ESP:
sa hex-key authentication
{ inbound | outbound } esp
{ cipher | simple } key-value
•
Configure an encryption key in
hexadecimal format for ESP:
sa hex-key encryption
{ inbound | outbound } esp
{ cipher | simple } key-value
299
Remarks
N/A
By default, no IPsec profile exists.
The manual keyword is not
needed if you enter the view of an
existing IPsec profile.
By default, no description is
configured.
By default, no IPsec transform set
is specified for an IPsec profile.
The specified IPsec transform set
must use the transport mode.
By default, no SPI is configured
for an SA.
By default, no keys are configured
for the IPsec SA.
Configure a key for the security
protocol (AH, ESP, or both) you
have specified.
If you configure a key in character
format for ESP, the device
automatically generates an
authentication key and an
encryption key for ESP.
If you configure a key in both the
character and hexadecimal
formats, only the most recent
configuration takes effect.
Advertisement
Table of Contents
Troubleshooting
