Configuring An Ike-Based Ipsec Tunnel For Ipv4 Packets - HP FlexNetwork 10500 Series Security Configuration Manual

[SwitchB-ipsec-policy-manual-use1-10] quit
# Apply the IPsec policy use1 to interface VLAN-interface 1.
[SwitchB] interface vlan-interface 1
[SwitchB-Vlan-interface1] ipsec apply policy use1
# Specify a service module or an Ethernet interface module for forwarding the traffic on the
interface.
[SwitchB-Vlan-interface1] service slot 3
[SwitchB-Vlan-interface1] quit
Verifying the configuration
After the configuration is completed, an IPsec tunnel between Switch A and Switch B is established,
and the traffic between the switches is IPsec protected. This example uses Switch A to verify the
configuration.
# Use the display ipsec sa command to display IPsec SAs on Switch A.
[SwitchA] display ipsec sa
-------------------------------
Interface: Vlan-interface 1
-------------------------------
-----------------------------
IPsec policy: map1
Sequence number: 10
Mode: manual
-----------------------------
Tunnel id: 549
Encapsulation mode: tunnel
Path MTU: 1443
Tunnel:
local
remote address: 2.2.3.1
Flow:
as defined in ACL 3101
[Inbound ESP SA]
SPI: 54321 (0x0000d431)
Transform set: ESP-ENCRYPT-AES-CBC-128 ESP-AUTH-SHA1
No duration limit for this SA
[Outbound ESP SA]
SPI: 12345 (0x00003039)
Transform set: ESP-ENCRYPT-AES-CBC-128 ESP-AUTH-SHA1
No duration limit for this SA

Configuring an IKE-based IPsec tunnel for IPv4 packets

Network requirements
As shown in
flows in between. Configure the IPsec tunnel as follows:
•
Specify the encapsulation mode as tunnel, the security protocol as ESP, the encryption
algorithm as 128-bit AES, and the authentication algorithm as HMAC-SHA1.
•
Set up SAs through IKE negotiation.
address: 2.2.2.1
Figure 89, establish an IPsec tunnel between Switch A and Switch B to protect the data
303