beautypg.com

Configuring ipsec for ipv6 routing protocols, Displaying and maintaining ipsec – H3C Technologies H3C SecPath F1000-E User Manual

Page 151

background image

23

To do…

Use the command…

Remarks

Apply a QoS policy to the
IPsec tunnel interface

qos apply policy policy-name { inbound |
outbound }

Required

Configuring IPsec for IPv6 Routing Protocols

The following is the generic configuration procedure for configuring IPsec for IPv6 routing protocols:

1.

Configure a security proposal, including the security protocol, authentication and encryption
algorithm, and encapsulation mode. A security proposal will apply to data flows associated with

it.

2.

Configure a manual IPsec policy including the keys and SPI.

3.

Apply the IPsec policy to an IPv6 routing protocol.

Complete the following tasks to configure IPsec for IPv6 routing protocols:

Task Remarks

Configuring an IPsec Proposal

Required

Configuring a manual IPsec policy

Required
ACLs and IPsec tunnel addresses are not needed.

Apply an IPsec policy to an IPv6 routing
protocol

Required
Refer to related sections in IPv6 BGP Configuration, OSPFv3

Configuration, and RIPng Configuration of the IP Routing
Volume
.

Displaying and Maintaining IPsec

To do…

Use the command…

Remarks

Display IPsec policy information

display ipsec policy [ brief | name
policy-name [ seq-number ] ]

Available in any view

Display IPsec policy template
information

display ipsec policy-template
[ brief | name template-name

[ seq-number ] ]

Available in any view

Display the configuration of IPsec
profiles

display ipsec profile [ name
profile-name ]

Available in any view

Display IPsec proposal information

display ipsec proposal
[ proposal-name ]

Available in any view

Display IPsec SA information

display ipsec sa [ brief | duration |
policy policy-name [ seq-number ]

| remote ip-address ]

Available in any view

Display IPsec packet statistics

display ipsec statistics

Available in any view

Display IPsec tunnel information

display ipsec tunnel

Available in any view

Clear SAs

reset ipsec sa [ parameters
dest-address protocol spi | policy

policy-name [ seq-number ] |
remote ip-address ]

Available in user view