Comware Based
Showing results for 
Search instead for 
Did you mean: 

vsr1000 ipsec ikev2 vti

Occasional Contributor

vsr1000 ipsec ikev2 vti

Hello, I need to configure ipsec ikev2 site to site between cisco csr 1000v and hpe vsr1000
cisco config

crypto ikev2 keyring HPE
peer HPE
identity address yyy.yyy.yyy.111
pre-shared-key local Cisco-Pass
pre-shared-key remote HPE-Pass

crypto ikev2 proposal HPE
encryption aes-cbc-128
integrity sha256
group 14

crypto ikev2 policy HPE
match address local yyy.yyy.yyy.111
proposal HPE

crypto ikev2 profile HPE
match identity remote address
identity local address yyy.yyy.yyy.111
authentication remote pre-share
authentication local pre-share
keyring local HPE

crypto ipsec profile HPE
set ikev2-profile HPE

interface Tunnel5
ip address
tunnel source GigabitEthernet4
tunnel mode ipsec ipv4
tunnel destination
tunnel protection ipsec profile HPE

hpe config

ikev2 keychain CSR
peer CSR
address yyy.yyy.yyy.111
identity address
pre-shared-key local pl HPE-Pass
pre-shared-key remote pl Cisco-Pass

ikev2 proposal CSR
encryption aes-cbc-128
integrity sha256
dh group14

ikev2 policy CSR
proposal CSR
match local address

ikev2 profile CSR
authentication-method local pre-share
authentication-method remote pre-share
keychain CSR
match remote identity address yyy.yyy.yyy.111

interface Tunnel5 mode ipv4-ipv4
ip address
source GigabitEthernet4/0
destination yyy.yyy.yyy.111
ipsec apply policy CSR

I do something wrong, I ask for help