- Community Home
- >
- Networking
- >
- Security e-Series
- >
- Re: IPSEC problem with MSR2003 router
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-29-2016 11:34 AM - edited 09-29-2016 11:39 AM
09-29-2016 11:34 AM - edited 09-29-2016 11:39 AM
Hello,
I have bought an HP MSR 2003 router and I am trying to configure IPSec tunnel between it and a Pfsense firewall.
I have created all the necessary rules and so on, but on the ESP encryption options there is only DES as an encryption algorithm. Is there any way to enable 3DES or AES?
The phase 1 connection is made without problems, but the phase 2 fails.
Here is my configuration:
interface GigabitEthernet0/1 port link-mode route description WAN ip address XX.XX.XX.XX 255.255.255.0 default-nexthop ip XX.XX.XX.XX nat outbound 2002 undo dhcp select server ipsec apply policy policy1
#
ipsec transform-set ts1
esp encryption-algorithm des-cbc
esp authentication-algorithm sha1
#
ipsec policy policy1 10 isakmp
transform-set ts1
security acl 3000
local-address XX.XX.XX.XX
remote-address XX.XX.XX.XX
ike-profile 1
#
ipsec policy 1 local-address GigabitEthernet0/1
#
ike profile 1
keychain keychain_galaxy
local-identity address XX.XX.XX.XX
match remote identity address XX.XX.XX.XX 255.255.255.0
proposal 1
#
ike proposal 1
encryption-algorithm aes-cbc-128
dh group2
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-03-2016 03:09 PM - last edited on 04-04-2017 05:17 AM by Parvez_Admin
10-03-2016 03:09 PM - last edited on 04-04-2017 05:17 AM by Parvez_Admin
SolutionHello,
You probably need to enable the "high encryption" license to be able to use AES etc on a new Comware v7 router
Have a look at this blog where a kind fellow has outlined the procedure.
Thanks
Ian
## ---------------------------------------------------------------------------##
Which is the only cheese that is made backwards?
Edam!
Tweets: @2techie4me