HPE Community
Appliance Servers
1753797 Members
8390 Online
108805 Solutions
New Discussion юеВ

sa 3110 ipsec sample doc

 
SOLVED
Go to solution
J. Mc Clymont
New Member

тАО03-10-2003 05:41 AM

тАО03-10-2003 05:41 AM

sa 3110 ipsec sample doc

hello,

we try to get an ipsec connection to the sa3110 v7.01 BUT nothing worked.

does anybody knows an detailed sample document which explain the ipsec configuration.

we want to use an one armed router.

we have no problem to dial a 0190 number to get help.

greetings from germany
Alle fragen warum sind die Dinosaurier ausgestorben - ich frage warum haben sie so lange gelebt
0 Kudos
3 REPLIES 3
BR699722
Occasional Advisor

тАО03-10-2003 06:21 AM

тАО03-10-2003 06:21 AM

Solution

Re: sa 3110 ipsec sample doc

Hi,

With the HP3110 comes a CD. On this CD there are detailed Informations about several configurations.
The second source is HP webSite or the HP Support Center at Ratingen.
The third source is the Intel Website, because the HP3xx0 Appliances were original build by Intel. Look at:
www.intel.com/support/netstructure/vpn/client/index.htm

As we set up IPSEC-Tunnels last year, we??ve got some problems with the firmware. Try 7.0 ore 6.9.
Another problem is the client.
With 2000/xp you have to disable the IPSEC-policy agent (Richtlinien-Agent) ( (control--> services) from Microsoft.

Hope that helps
J. Mc Clymont
New Member

тАО03-10-2003 08:04 AM

тАО03-10-2003 08:04 AM

Re: sa 3110 ipsec sample doc

hi,

in the meantime i found docs on the intel site. BUT, i get a connection and my w2k gives me a ckient ip address which i have defined noplace. this ip looks close to my real address. one of the official addresses are 195.212.87.xxx and the client ip are defined to 195.212.78.253. i have NOT defined the 78 or the 87 net in the config. when i show tunnel in the manager i got the right addresses i gave in the config and debug all or show route on the sa3110 looks also very well. NOWHERE stands the mysterios 78 ip. under w2k in the ipconfig the 78 also defined. whats going on there?

when the sa in original is the intel netstructure, can i use the firmware by intel? the patchlevel is higher than by the sa?

thanks for help
Alle fragen warum sind die Dinosaurier ausgestorben - ich frage warum haben sie so lange gelebt
0 Kudos
BR699722
Occasional Advisor

тАО03-10-2003 11:49 PM

тАО03-10-2003 11:49 PM

Re: sa 3110 ipsec sample doc

hi,

to your second question. I haven??t tested the firmware from Intel, so i wouldn??t use it, although it could work with the HP3110. With the HP Firmware 7.0 (not 7.01)it works fine.

For the first question, there are several possibilties for the "mysterious IP". But without background about your configuration, its difficult to specify it.
In our configuration the IP-Assignment uses a special defined IP-Range from the internal net.
We??ve defined this Range in the configuration manager in "Tunnels--> Remote Group --> IPSEC"
then "New Client IP"

The SA then works as an DHCP Server for the incoming VPN-Clients.

Maybe that helps



0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.