Configuration procedure – H3C Technologies H3C SecPath F1000-E User Manual

Page 161

Advertising
background image

33

To meet the above requirements,

Configure basic RIPng parameters.

Configure a manual IPsec policy.

Apply the IPsec policy to a RIPng process to protect RIPng packets in this process or to an interface
to protect RIPng packets traveling through the interface.

Figure 8 Network diagram for configuring IPsec for RIPng packets

Configuration procedure

NOTE:

For information about RIPng configuration, refer to

RIPng Configuration in the IP Routing Volume.

1.

Configure Device A

# Assign an IPv6 address to each interface. (Omitted)
# Create a RIPng process and enable it on GigabitEthernet 0/1.

<DeviceA> system-view

[DeviceA] ripng 1

[DeviceA-ripng-1] quit

[DeviceA] interface gigabitethernet 0/1

[DeviceA-GigabitEthernet0/1] ripng 1 enable

[DeviceA-GigabitEthernet0/1] quit

# Create an IPsec proposal named tran1, and set the encapsulation mode to transport mode, the security
protocol to ESP, the encryption algorithm to DES, and authentication algorithm to SHA1-HMAC-96.

[DeviceA] ipsec proposal tran1

[DeviceA-ipsec-proposal-tran1] encapsulation-mode transport

[DeviceA-ipsec-proposal-tran1] transform esp

[DeviceA-ipsec-proposal-tran1] esp encryption-algorithm des

[DeviceA-ipsec-proposal-tran1] esp authentication-algorithm sha1

[DeviceA-ipsec-proposal-tran1] quit

# Create an IPsec policy named policy001, specify the manual mode for it, set the SPIs of the inbound
and outbound SAs to 123456, and the keys for the inbound and outbound SAs using ESP to abcdefg.

[DeviceA] ipsec policy policy001 10 manual

[DeviceA-ipsec-policy-manual-policy001-10] proposal tran1

[DeviceA-ipsec-policy-manual-policy001-10] sa spi outbound esp 12345

[DeviceA-ipsec-policy-manual-policy001-10] sa spi inbound esp 12345

[DeviceA-ipsec-policy-manual-policy001-10] sa string-key outbound esp abcdefg

[DeviceA-ipsec-policy-manual-policy001-10] sa string-key inbound esp abcdefg

[DeviceA-ipsec-policy-manual-policy001-10] quit

# Apply IPsec policy policy001 to the RIPng process.

[DeviceA] ripng 1

[DeviceA-ripng-1] ipsec-policy policy001

Advertising
This manual is related to the following products:
See also other documents in the category H3C Technologies Safety: