Comware

 View Only

vsr1000 ipsec ikev2 vti

This thread has been viewed 1 times
  • 1.  vsr1000 ipsec ikev2 vti

    Posted Jun 01, 2017 10:57 AM

    Hello, I need to configure ipsec ikev2 site to site between cisco csr 1000v and hpe vsr1000
    cisco config

    crypto ikev2 keyring HPE
    peer HPE
    address xxx.xxx.xxx.132
    identity address yyy.yyy.yyy.111
    pre-shared-key local Cisco-Pass
    pre-shared-key remote HPE-Pass

    crypto ikev2 proposal HPE
    encryption aes-cbc-128
    integrity sha256
    group 14

    crypto ikev2 policy HPE
    match address local yyy.yyy.yyy.111
    proposal HPE

    crypto ikev2 profile HPE
    match identity remote address xxx.xxx.xxx.132 255.255.255.255
    identity local address yyy.yyy.yyy.111
    authentication remote pre-share
    authentication local pre-share
    keyring local HPE

    crypto ipsec profile HPE
    set ikev2-profile HPE

    interface Tunnel5
    ip address 10.10.10.2 255.255.255.252
    tunnel source GigabitEthernet4
    tunnel mode ipsec ipv4
    tunnel destination xxx.xxx.xxx.132
    tunnel protection ipsec profile HPE
    end

    hpe config

    ikev2 keychain CSR
    peer CSR
    address yyy.yyy.yyy.111 255.255.255.255
    identity address xxx.xxx.xxx.132
    pre-shared-key local pl HPE-Pass
    pre-shared-key remote pl Cisco-Pass

    ikev2 proposal CSR
    encryption aes-cbc-128
    integrity sha256
    dh group14

    ikev2 policy CSR
    proposal CSR
    match local address xxx.xxx.xxx.132

    ikev2 profile CSR
    authentication-method local pre-share
    authentication-method remote pre-share
    keychain CSR
    match remote identity address yyy.yyy.yyy.111 255.255.255.25

    interface Tunnel5 mode ipv4-ipv4
    ip address 10.10.10.1 255.255.255.252
    source GigabitEthernet4/0
    destination yyy.yyy.yyy.111
    ipsec apply policy CSR

    I do something wrong, I ask for help


    #vsr1000vti