H3C Technologies H3C SR8800 User Manual
Page 394
378
[RouterC-ipsec-proposal-tran2] esp authentication-algorithm sha1
[RouterC-ipsec-proposal-tran2] quit
[RouterC] ipsec policy policy002 10 manual
[RouterC-ipsec-policy-manual-policy002-10] proposal tran2
[RouterC-ipsec-policy-manual-policy002-10] sa spi outbound esp 54321
[RouterC-ipsec-policy-manual-policy002-10] sa spi inbound esp 54321
[RouterC-ipsec-policy-manual-policy002-10] sa string-key outbound esp gfedcba
[RouterC-ipsec-policy-manual-policy002-10] sa string-key inbound esp gfedcba
[RouterC-ipsec-policy-manual-policy002-10] quit
5.
Apply IPsec policies to IBGP peers:
# Configure Router A.
[RouterA] bgp 65008
[RouterA-bgp] ipv6-family
[RouterA-bgp-af-ipv6] peer 1::2 ipsec-policy policy001
[RouterA-bgp-af-ipv6] quit
[RouterA-bgp] quit
# Configure Router B.
[RouterB] bgp 65008
[RouterB-bgp] ipv6-family
[RouterB-bgp-af-ipv6] peer 1::1 ipsec-policy policy001
[RouterB-bgp-af-ipv6] quit
[RouterB-bgp] quit
6.
Apply IPsec policies to EBGP peers:
# Configure Router C.
[RouterC] bgp 65009
[RouterC-bgp] ipv6-family
[RouterC-bgp-af-ipv6] peer ebgp ipsec-policy policy002
[RouterC-bgp-af-ipv6] quit
[RouterC-bgp] quit
# Configure Router B.
[RouterB] bgp 65008
[RouterB-bgp] ipv6-family
[RouterB-bgp-af-ipv6] peer ebgp ipsec-policy policy002
[RouterB-bgp-af-ipv6] quit
[RouterB-bgp] quit
7.
Verify the configuration:
# Display detailed IPv6 BGP peer information.
[RouterB] display bgp ipv6 peer verbose
BGP Peer is 1::1, remote AS 65008,
Type: IBGP link
BGP version 4, remote router ID 1.1.1.1
BGP current state: Established, Up for 00h01m51s
BGP current event: RecvKeepalive
BGP last state: OpenConfirm
Port: Local – 1029 Remote - 179
Configured: Active Hold Time: 180 sec Keepalive Time: 60 sec
Received : Active Hold Time: 180 sec