Comware Based
cancel
Showing results for 
Search instead for 
Did you mean: 

vsr1000 ipsec ikev2 vti

nikolay_kozkin
Occasional Contributor

vsr1000 ipsec ikev2 vti

Hello, I need to configure ipsec ikev2 site to site between cisco csr 1000v and hpe vsr1000
cisco config

crypto ikev2 keyring HPE
peer HPE
address xxx.xxx.xxx.132
identity address yyy.yyy.yyy.111
pre-shared-key local Cisco-Pass
pre-shared-key remote HPE-Pass

crypto ikev2 proposal HPE
encryption aes-cbc-128
integrity sha256
group 14

crypto ikev2 policy HPE
match address local yyy.yyy.yyy.111
proposal HPE

crypto ikev2 profile HPE
match identity remote address xxx.xxx.xxx.132 255.255.255.255
identity local address yyy.yyy.yyy.111
authentication remote pre-share
authentication local pre-share
keyring local HPE

crypto ipsec profile HPE
set ikev2-profile HPE

interface Tunnel5
ip address 10.10.10.2 255.255.255.252
tunnel source GigabitEthernet4
tunnel mode ipsec ipv4
tunnel destination xxx.xxx.xxx.132
tunnel protection ipsec profile HPE
end

hpe config

ikev2 keychain CSR
peer CSR
address yyy.yyy.yyy.111 255.255.255.255
identity address xxx.xxx.xxx.132
pre-shared-key local pl HPE-Pass
pre-shared-key remote pl Cisco-Pass

ikev2 proposal CSR
encryption aes-cbc-128
integrity sha256
dh group14

ikev2 policy CSR
proposal CSR
match local address xxx.xxx.xxx.132

ikev2 profile CSR
authentication-method local pre-share
authentication-method remote pre-share
keychain CSR
match remote identity address yyy.yyy.yyy.111 255.255.255.25

interface Tunnel5 mode ipv4-ipv4
ip address 10.10.10.1 255.255.255.252
source GigabitEthernet4/0
destination yyy.yyy.yyy.111
ipsec apply policy CSR

I do something wrong, I ask for help