WAN Routing
cancel
Showing results for 
Search instead for 
Did you mean: 

Ipsec vpn in hp msr 2003

 
SOLVED
Go to solution
Highlighted
Regular Visitor

Ipsec vpn in hp msr 2003

Hi,  i am trying to make ipsec vpn between two hp msr routers. In one end peer is assigned statically. And other end i have to configure ipsec peer as dynamic... But my msr 2003 router is not taking remote-address as 0.0.0.0 under 'ipsec policy ______ isakmp' .

Will this router hardware supports dynamic ipsec vpn..

my current image version is ----Boot image: flash:/msr2000-cmw710-boot-e0401l13.bin

version information  is included as attachment

6 REPLIES 6
Highlighted
Advisor
Solution

Re: Ipsec vpn in hp msr 2003

Hi,

Similar discussion you can find in community archives:

https://community.hpe.com/t5/Comware-Based/GRE-over-IPSEC-with-one-side-having-a-dynamic-IP-address/td-p/6803411

Please take a look attached guide: '"IPsec P2MP setup with zero touch in hub"

I haven't tested yet, but hope it works as expected.

Mike

Highlighted
Regular Visitor

Re: Ipsec vpn in hp msr 2003

Hi mike,

Thank you for your replay..

I think it was problem with that platform, may that image or hardware is not supporting dynamic..So i tried with different HP MSR.  In that router i was able to do the dynamic configuration . Until now it works perfectly

 

Thanks & Regards,

Abdul

Highlighted
Advisor

Re: Ipsec vpn in hp msr 2003

Could you please explain which part of dynamic VPN you referred to?

Mike
Highlighted
Regular Visitor

Re: Ipsec vpn in hp msr 2003

 Hi mike,

This was my topology.

In msr 20-10

      I set my ipsec peer ip as a static ip (which is configured on interface of msr 2003)

In msr 2003

    I was not able to give peer ip as 0.0.0.0 ( so that anyone with valid credentials can make ip sec tunnel with him) under ipsec policy... But i rectified the problem by inter changing the router. msr 20-10 was taking peer ip as 0.0.0.0 ..Now it is working properly .

 

I attached the topology with this. PFA the same

 

Thanks 

Abdul

Highlighted
Advisor

Re: Ipsec vpn in hp msr 2003

Ok, in your MSR 2003 this part wasn't possbile?

Create a keychain named key 1 and specify the pre-shared key. In this scenario, we create an open keychain with 1 password to any address. There could be more than 1 keychain with multiple passwords defined to address spaces.

ike keychain key1
  pre-shared-key address 0.0.0.0 0.0.0.0 key simple password

 

 

 

 

Highlighted
Regular Visitor

Re: Ipsec vpn in hp msr 2003

Hi mike
That command was taking. But that is only for the key no?. Means this key can be used for any address. But inside IPsec policy we have to give remote address . That remote-address it was not taking as 0.0.0.0 (means anyone can make IPsec tunnel with him,if someone with valid credentials initiated a tunnel request). But same configuration model I used in msr 20-10 , it was pretty impressive
Thanks
Abdul