IPSEC problem with MSR2003 router

Dobrin — Thu, 29 Sep 2016 18:39:09 GMT

Hello,

I have bought an HP MSR 2003 router and I am trying to configure IPSec tunnel between it and a Pfsense firewall.

I have created all the necessary rules and so on, but on the ESP encryption options there is only DES as an encryption algorithm. Is there any way to enable 3DES or AES?

The phase 1 connection is made without problems, but the phase 2 fails.

Here is my configuration:

interface GigabitEthernet0/1
 port link-mode route
 description WAN
 ip address XX.XX.XX.XX 255.255.255.0
 default-nexthop ip XX.XX.XX.XX
 nat outbound 2002
 undo dhcp select server
 ipsec apply policy policy1
#
ipsec transform-set ts1
 esp encryption-algorithm des-cbc
 esp authentication-algorithm sha1
#
ipsec policy policy1 10 isakmp
 transform-set ts1
 security acl 3000
 local-address XX.XX.XX.XX
 remote-address XX.XX.XX.XX
 ike-profile 1
#
 ipsec policy 1 local-address GigabitEthernet0/1
#
ike profile 1
 keychain keychain_galaxy
 local-identity address XX.XX.XX.XX
 match remote identity address XX.XX.XX.XX 255.255.255.0
 proposal 1
#
ike proposal 1
 encryption-algorithm aes-cbc-128
 dh group2

Re: IPSEC problem with MSR2003 router

Ian Vaughan — Tue, 04 Apr 2017 12:17:06 GMT

Hello,

You probably need to enable the "high encryption" license to be able to use AES etc on a new Comware v7 router

Have a look at this blog where a kind fellow has outlined the procedure.

Thanks

Ian

topic Re: IPSEC problem with MSR2003 router in Security e-Series

IPSEC problem with MSR2003 router

Re: IPSEC problem with MSR2003 router