SROS Command Line Interface Reference Guide

HDLC Command Set

 

 

crypto map <mapname>

Use the crypto map command to associate crypto maps with the interface.

When you apply a map to an interface, you are applying all crypto maps with the given map name. This allows you to apply multiple crypto maps if you have created maps which share the same name but have different map index numbers.

For VPN configuration example scripts, refer to the technical support note

Configuring VPN located on the ProCurve SROS documentation CD provided with your unit.

Syntax Description

<mapname>

Enter the crypto map name that you wish to assign to the interface.

Default Values

By default, no crypto maps are assigned to an interface.

Command Modes

(config-interface)#

Interface Configuration Mode

 

Valid interfaces include: Ethernet (eth 0/1), virtual PPP interfaces (ppp 1), virtual

 

HDLC interfaces (hdlc 1), virtual Frame Relay sub-interfaces (fr 1.20), tunnel

 

interfaces (tunnel 1), and VLAN interface (vlan 1).

Functional Notes

When configuring a system to use both the stateful inspection firewall and IKE negotiation for VPN, keep the following notes in mind.

When defining the policy-class and associated access-control lists (ACLs) that describe the behavior of the firewall, do not forget to include the traffic coming into the system over a VPN tunnel terminated by the system. The firewall should be set up with respect to the un-encrypted traffic that is destined to be sent or received over the VPN tunnel. The following diagram represents typical SROS data-flow logic.

5991-2114

© Copyright 2005 Hewlett-Packard Development Company, L.P.

818

Page 818
Image 818
HP 7000 dl Router manual Copyright 2005 Hewlett-Packard Development Company, L.P 818