Thursday, May 31, 2012

#hp #msr #router #ipsec configuration



MSR Configuration
#
acl number 3000
 rule 0 permit ip source 50.50.50.0 0.0.0.255 destination 30.30.30.0 0.0.0.255
 rule 1 deny ip
#
ike peer cisco
 pre-shared-key cipher KGbZf6H3xPqAzXG81XUt0g==
 remote-address 10.10.10.2
#
ipsec proposal xyz
 esp authentication-algorithm sha1
#
ipsec policy 3com 10 isakmp
 security acl 3000
 ike-peer cisco
 proposal xyz
#
#
interface Ethernet0/1
 port link-mode route
 ip address 50.50.50.1 255.255.255.0
#
interface Serial0/0
 link-protocol ppp
 ip address 10.10.10.1 255.255.255.252
 ipsec policy 3com


Result → OK
<MSR2011>dis ipsec se
    ------------------------------------------------------------
    total sessions : 3
    ------------------------------------------------------------
    tunnel-id : 0
    session idle time/total duration (sec) : 44/300
    session flow :      (2 times matched)
        Sour Addr : 10.10.10.1             Sour Port:  179  Protocol : 6
        Dest Addr : 10.10.10.2             Dest Port:44252  Protocol : 6
    ------------------------------------------------------------
    tunnel-id : 0
    session idle time/total duration (sec) : 9/300
    session flow :      (7 times matched)
        Sour Addr : 10.10.10.1             Sour Port:    0  Protocol : 89
        Dest Addr : 224.0.0.5              Dest Port:    0  Protocol : 89
    ------------------------------------------------------------
    tunnel-id : 3
    session idle time/total duration (sec) : 0/300
    session flow :      (78 times matched)
        Sour Addr : 50.50.50.2             Sour Port:    0  Protocol : 1
        Dest Addr : 30.30.30.2             Dest Port:    0  Protocol : 1
<MSR2011>dis ipsec tun
    total tunnel : 1
    ------------------------------------------------

Connection ID : 3
    Perfect forward secrecy: None
    SA's SPI :
        Inbound :  368395233 (0x15f543e1) [ESP]
        Outbound : 4233487164 (0xfc55e33c) [ESP]
    Tunnel :
        Local Address:  10.10.10.1  Remote Address : 10.10.10.2
    Flow :
        Sour Addr : 50.50.50.0/255.255.255.0  Port: 0  Protocol : IP
        Dest Addr : 30.30.30.0/255.255.255.0  Port: 0  Protocol : IP
    Current Encrypt-card : None
<MSR2011>dis ipsec stat
  the security packet statistics:
    input/output security packets: 89/89
    input/output security bytes: 5340/5340
    input/output dropped security packets: 0/5
    dropped security packet detail:
      not enough memory: 0
      can't find SA: 5
      queue is full: 0
      authentication has failed: 0
      wrong length: 0
      replay packet: 0
      packet too long: 0
      wrong SA: 0
<MSR2011>
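
The flow shown by `dis ipsec tun` should be exactly the selector configured in ACL 3000, and the remote peer needs the same networks with source and destination swapped. As an added example (not part of the original post), this Python script checks that and prints the mirrored rule; the function names are hypothetical and the sample strings are copied from the config and output above.

```python
import ipaddress
import re

# Copied from the configuration and the `dis ipsec tun` output on this page.
ACL_RULE = "rule 0 permit ip source 50.50.50.0 0.0.0.255 destination 30.30.30.0 0.0.0.255"
TUNNEL_FLOW = """\
    Flow :
        Sour Addr : 50.50.50.0/255.255.255.0  Port: 0  Protocol : IP
        Dest Addr : 30.30.30.0/255.255.255.0  Port: 0  Protocol : IP
"""

def acl_selector(rule):
    """Return (source, destination) networks from a permit rule with wildcard masks."""
    m = re.search(r"permit ip source (\S+) (\S+) destination (\S+) (\S+)", rule)
    if not m:
        raise ValueError("not a 'permit ip source ... destination ...' rule")
    src, src_wc, dst, dst_wc = m.groups()
    # ipaddress accepts address/hostmask, so the wildcard mask is used directly;
    # a non-contiguous wildcard or stray host bits raise ValueError.
    return (ipaddress.ip_network(f"{src}/{src_wc}"),
            ipaddress.ip_network(f"{dst}/{dst_wc}"))

def tunnel_selector(output):
    """Return (source, destination) networks from the Flow block (address/netmask)."""
    src = re.search(r"Sour Addr\s*:\s*(\S+)", output)
    dst = re.search(r"Dest Addr\s*:\s*(\S+)", output)
    if not (src and dst):
        raise ValueError("Flow block not found")
    return ipaddress.ip_network(src.group(1)), ipaddress.ip_network(dst.group(1))

def mirrored_rule(selector):
    """Rule body for the remote end: same networks, source and destination swapped."""
    src, dst = selector
    return (f"permit ip source {dst.network_address} {dst.hostmask} "
            f"destination {src.network_address} {src.hostmask}")

def check(rule=ACL_RULE, output=TUNNEL_FLOW):
    """Return (configured selector equals negotiated flow, mirrored rule text)."""
    configured, negotiated = acl_selector(rule), tunnel_selector(output)
    return configured == negotiated, mirrored_rule(configured)

if __name__ == "__main__":
    ok, mirror = check()
    print("selector matches negotiated flow:", ok)
    print("peer-side mirror:", mirror)
```

The mirrored rule is printed in the same syntax as the MSR ACL; it has to be rewritten in the peer's own ACL syntax before use.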

1 comment:

  1. Would you mind posting the relevant Cisco config snippets as well? You know how ipsec is. It either goes through smoothly the first time or you end up frustrated for two hours until you figure out what isn't matching up and then it's usually an "oh crap/duh" moment..:)
