HPE Community
Comware Based
1753258 Members
5284 Online
108792 Solutions
New Discussion юеВ

Help with IPSEC Tunnel between COMWARE5 and COMWARE7

 
BarryOmd
Occasional Collector

тАО08-02-2019 12:41 AM

тАО08-02-2019 12:41 AM

Help with IPSEC Tunnel between COMWARE5 and COMWARE7

Hi there, can anyone provide me an example configuration to create an IPSEC tunnel between an HP5500EI(COMWARE5) and a HP5510(COMWARE7)?

Even a basic setup for both ends would help to allow me to then tweak it, i have not created an IPSEC tunnel before on HP and am struggling to find anything anywhere to show an example configuration for the above setup.

Kind Regards

Barry

 

0 Kudos
3 REPLIES 3
jguse
HPE Pro

тАО08-02-2019 01:38 AM

тАО08-02-2019 01:38 AM

Re: Help with IPSEC Tunnel between COMWARE5 and COMWARE7

Hello,

Since VPN like IPSec is usually done with proper Routers and not Routing Switches, most of the helpful configuration example documents are written using VSR/MSR Routers. However the process should be very similar.

Comware Routers with IPSec VPN Tech Note: https://community.hpe.com/t5/WAN-Routing/RWL-Tech-Note-Comware-Routers-with-IPsec-VPN/td-p/7013435#.XUP1bugzaUk

IPSec with VSR Routers: https://www.vcloudnine.de/hp-vsr1000-how-to-configure-a-ipsec-tunnel/

If you have issues with the commands in Comware 5/7 please check the respective Security Configuration and Security Command guides for your devices. Official docs can be found via https://h10145.www1.hpe.com/support/SupportLookUp.aspx

Best regards,
Justin

Working @ HPE
Accept or Kudo
BarryOmd
Occasional Collector

тАО08-02-2019 02:08 AM

тАО08-02-2019 02:08 AM

Re: Help with IPSEC Tunnel between COMWARE5 and COMWARE7

Hi Justin, 

Many thanks for that quick reply, i am starting to wonder if we are perhaps missing something on our HP5500(EI's and HI's) that are COMWARE5, the setup you linked to below is pretty much what i followed for our 5510 side of things on COMWARE7 but our 5500's do not appear to have any IKE commands at all. 

Was there perhaps a different firmware that could be downloaded onto 5500's which was not default which brings in more advanced commands?

I have my 5510 setup as per the attached advice, it is really the 5500HI or EI side i am just failing badly on.

Kind Regards

Barry

0 Kudos
jguse
HPE Pro

тАО08-02-2019 02:25 AM

тАО08-02-2019 02:25 AM

Re: Help with IPSEC Tunnel between COMWARE5 and COMWARE7

Hello,

Sorry to hear that, it sounds like the 5500s may not support IPSec. They are End of Sale for quite some time now, so new features cannot be added.

http://h17007.www1.hpe.com/docs/products/eos/HP%205500%20EI%20and%20HI%20Switches%20-%20June%202016%20-%20External.pdf

Here are two sample 5500s download pages:

https://h10145.www1.hpe.com/downloads/SoftwareReleases.aspx?ProductNumber=JE094A

https://h10145.www1.hpe.com/downloads/SoftwareReleases.aspx?ProductNumber=JD377A

One has its last release in 2014, and the other in 2017. So if you are running the latest release for your device (based on PN like JD377A), and it does not support IPSec-related commands, then you should consider upgrading to a newer model (like your 5510) that does.

Best regards,
Justin

Working @ HPE
Accept or Kudo
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.