beautypg.com

H3C Technologies H3C S5560 Series Switches User Manual

Page 378

background image

362

[SwitchB-ipsec-transform-set-protrf1] encapsulation-mode transport

[SwitchB-ipsec-transform-set-protrf1] quit

# Create a manual IPsec profile named profile001.

[SwitchB] ipsec profile profile001 manual

# Reference IPsec transform set protrf1.

[SwitchB-ipsec-profile-profile001-manual] transform-set protrf1

# Configure the inbound and outbound SPIs for ESP.

[SwitchB-ipsec-profile-profile001-manual] sa spi inbound esp 256

[SwitchB-ipsec-profile-profile001-manual] sa spi outbound esp 256

# Configure the inbound and outbound SA keys for ESP.

[SwitchB-ipsec-profile-profile001-manual] sa string-key inbound esp simple abc

[SwitchB-ipsec-profile-profile001-manual] sa string-key outbound esp simple abc

[SwitchB-ipsec-profile-profile001-manual] quit

{

On Switch C:
# Create an IPsec transform set named protrf1.

[SwitchC] ipsec transform-set protrf1

# Specify the ESP encryption and authentication algorithms.

[SwitchC-ipsec-transform-set-protrf1] esp encryption-algorithm 3des-cbc

[SwitchC-ipsec-transform-set-protrf1] esp authentication-algorithm md5

# Specify the encapsulation mode as transport.

[SwitchC-ipsec-transform-set-protrf1] encapsulation-mode transport

[SwitchC-ipsec-transform-set-protrf1] quit

# Create a manual IPsec profile named profile001.

[SwitchC] ipsec profile profile001 manual

# Reference IPsec transform set protrf1.

[SwitchC-ipsec-profile-profile001-manual] transform-set protrf1

# Configure the inbound and outbound SPIs for ESP.

[SwitchC-ipsec-profile-profile001-manual] sa spi inbound esp 256

[SwitchC-ipsec-profile-profile001-manual] sa spi outbound esp 256

# Configure the inbound and outbound SA keys for ESP.

[SwitchC-ipsec-profile-profile001-manual] sa string-key inbound esp simple abc

[SwitchC-ipsec-profile-profile001-manual] sa string-key outbound esp simple abc

[SwitchC-ipsec-profile-profile001-manual] quit

4.

Apply the IPsec profiles to the RIPng process:
# Configure Switch A.

[SwitchA] ripng 1

[SwitchA-ripng-1] enable ipsec-profile profile001

[SwitchA-ripng-1] quit

# Configure Switch B.

[SwitchB] ripng 1

[SwitchB-ripng-1] enable ipsec-profile profile001

[SwitchB-ripng-1] quit

# Configure Switch C.

[SwitchC] ripng 1

[SwitchC-ripng-1] enable ipsec-profile profile001

This manual is related to the following products:
See also other documents in the category H3C Technologies Routers: