H3C Technologies H3C SR8800 User Manual

378

[RouterC-ipsec-proposal-tran2] esp authentication-algorithm sha1

[RouterC-ipsec-proposal-tran2] quit

[RouterC] ipsec policy policy002 10 manual

[RouterC-ipsec-policy-manual-policy002-10] proposal tran2

[RouterC-ipsec-policy-manual-policy002-10] sa spi outbound esp 54321

[RouterC-ipsec-policy-manual-policy002-10] sa spi inbound esp 54321

[RouterC-ipsec-policy-manual-policy002-10] sa string-key outbound esp gfedcba

[RouterC-ipsec-policy-manual-policy002-10] sa string-key inbound esp gfedcba

[RouterC-ipsec-policy-manual-policy002-10] quit

5.

Apply IPsec policies to IBGP peers:
# Configure Router A.

[RouterA] bgp 65008

[RouterA-bgp] ipv6-family

[RouterA-bgp-af-ipv6] peer 1::2 ipsec-policy policy001

[RouterA-bgp-af-ipv6] quit

[RouterA-bgp] quit

# Configure Router B.

[RouterB] bgp 65008

[RouterB-bgp] ipv6-family

[RouterB-bgp-af-ipv6] peer 1::1 ipsec-policy policy001

[RouterB-bgp-af-ipv6] quit

[RouterB-bgp] quit

6.

Apply IPsec policies to EBGP peers:
# Configure Router C.

[RouterC] bgp 65009

[RouterC-bgp] ipv6-family

[RouterC-bgp-af-ipv6] peer ebgp ipsec-policy policy002

[RouterC-bgp-af-ipv6] quit

[RouterC-bgp] quit

# Configure Router B.

[RouterB] bgp 65008

[RouterB-bgp] ipv6-family

[RouterB-bgp-af-ipv6] peer ebgp ipsec-policy policy002

[RouterB-bgp-af-ipv6] quit

[RouterB-bgp] quit

7.

Verify the configuration:
# Display detailed IPv6 BGP peer information.

[RouterB] display bgp ipv6 peer verbose

BGP Peer is 1::1, remote AS 65008,

Type: IBGP link

BGP version 4, remote router ID 1.1.1.1

BGP current state: Established, Up for 00h01m51s

BGP current event: RecvKeepalive

BGP last state: OpenConfirm

Port: Local – 1029 Remote - 179

Configured: Active Hold Time: 180 sec Keepalive Time: 60 sec

Received : Active Hold Time: 180 sec