Configuring ipsec for ipv6 routing protocols, Displaying and maintaining ipsec – H3C Technologies H3C SecPath F1000-E User Manual
Page 151

23
To do…
Use the command…
Remarks
Apply a QoS policy to the
IPsec tunnel interface
qos apply policy policy-name { inbound |
outbound }
Required
Configuring IPsec for IPv6 Routing Protocols
The following is the generic configuration procedure for configuring IPsec for IPv6 routing protocols:
1.
Configure a security proposal, including the security protocol, authentication and encryption
algorithm, and encapsulation mode. A security proposal will apply to data flows associated with
it.
2.
Configure a manual IPsec policy including the keys and SPI.
3.
Apply the IPsec policy to an IPv6 routing protocol.
Complete the following tasks to configure IPsec for IPv6 routing protocols:
Task Remarks
Required
Configuring a manual IPsec policy
Required
ACLs and IPsec tunnel addresses are not needed.
Apply an IPsec policy to an IPv6 routing
protocol
Required
Refer to related sections in IPv6 BGP Configuration, OSPFv3
Configuration, and RIPng Configuration of the IP Routing
Volume.
Displaying and Maintaining IPsec
To do…
Use the command…
Remarks
Display IPsec policy information
display ipsec policy [ brief | name
policy-name [ seq-number ] ]
Available in any view
Display IPsec policy template
information
display ipsec policy-template
[ brief | name template-name
[ seq-number ] ]
Available in any view
Display the configuration of IPsec
profiles
display ipsec profile [ name
profile-name ]
Available in any view
Display IPsec proposal information
display ipsec proposal
[ proposal-name ]
Available in any view
Display IPsec SA information
display ipsec sa [ brief | duration |
policy policy-name [ seq-number ]
| remote ip-address ]
Available in any view
Display IPsec packet statistics
display ipsec statistics
Available in any view
Display IPsec tunnel information
display ipsec tunnel
Available in any view
Clear SAs
reset ipsec sa [ parameters
dest-address protocol spi | policy
policy-name [ seq-number ] |
remote ip-address ]
Available in user view