I made the following configurations between the 2 HPE 5945 switches.
However, I was unable to align phase 1 or phase 2.
Can anyone help and evaluate whether the configuration is correct?
[HPE1_SPO_SW1]display ikev2 proposal
IKEv2 proposal : BICS
Encryption: AES-CBC-128
Integrity: SHA1
PRF:
DH Group: MODP1024/Group2 MODP2048/Group14
[HPE1_SPO_SW1]display ikev2 policy
IKEv2 policy: BICS
Priority: 10
Match local: Vlan-interface30
Match VRF: VRF9
Proposal: BICS
[HPE1_SPO_SW1]display ikev2 profile
IKEv2 profile: BICS
Priority: 100
Match criteria:
Remote identity ipv4 address 186.231.25.135/32
VRF VRF9
Inside-vrf:
Local identity: address 189.76.174.12
Local authentication method: pre-share
Remote authentication methods: pre-share
Keychain: BICS
SA duration: 86400
DPD:
Config-exchange:
NAT keepalive:
AAA authorization:
[HPE1_SPO_SW1]display ipsec transform-set
IPsec transform set: BICS
State: complete
Encapsulation mode: tunnel
ESN: Disabled
PFS: dh-group14
Transform: ESP
ESP protocol:
Integrity: SHA1
Encryption: AES-CBC-128
[HPE1_SPO_SW1]display ipsec policy
-------------------------------------------
IPsec Policy: BICS
Interface: Tunnel1,
Vlan-interface30
-------------------------------------------
-----------------------------
Sequence number: 1
Mode: ISAKMP
-----------------------------
Traffic Flow Confidentiality: Disabled
Security data flow: 3003
Selector mode: standard
Local address: 189.76.174.12
Remote address: 186.231.25.135
Transform set: BICS
IKE profile:
IKEv2 profile: BICS
SA duration(time based):…
[HPE1_SPO_SW1-Vlan-interface30]display this
#
interface Vlan-interface30
description Tunnel_BICS
ip binding vpn-instance VRF9
ip address 189.76.174.12 255.255.255.254
ipsec apply policy BICS
#
return
[HPE1_SPO_SW1-Tunnel1]display this
#
interface Tunnel1 mode ipv4-ipv4
service slot 1
ip address 10.246.238.204 255.255.255.254
source Vlan-interface30
destination 186.231.25.135
ipsec apply policy BICS
#
return
Log
*Aug 20 02:52:10:618 2001 HPE1_SPO_SW1 IKEV2/7/PACKET: vrf = 3, src=189.76.174.12, dst = 186.231.25.135/500
Sending an IPv4 packet.
*Aug 20 02:52:10:618 2001 HPE1_SPO_SW1 IKE/7/EVENT: vrf = 3, src=189.76.174.12, dst = 186.231.25.135/500
Sent data to socket successfully.
*Aug 20 02:52:10:622 2001 HPE1_SPO_SW1 IKE/7/EVENT: Received packet successfully.
*Aug 20 02:52:10:622 2001 HPE1_SPO_SW1 IKEV2/7/PACKET: vrf = 3, src=189.76.174.12, dst = 186.231.25.135/500
Received packet from 186.231.25.135 source port 500 destination port 500.
*Aug 20 02:52:10:622 2001 HPE1_SPO_SW1 IKEV2/7/PACKET: vrf = 3, src=189.76.174.12, dst = 186.231.25.135/500
I-SPI: 23bc896580a2a89f
R-SPI: db0faad5b188a429
Message ID: 2
Exchange type: INFORMATIONAL
Flags: RESPONSE
Next payload: ENCRYPTED, Length: 76.
The configuration is between 2 HPE 5945 SWs; both SWs have the same configuration, with Local and Remote changes.