beautypg.com

Verification – H3C Technologies H3C SecPath F1000-E User Manual

Page 163

background image

35

# Create an IPsec proposal named tran1, and set the encapsulation mode to transport mode, the security

protocol to ESP, the encryption algorithm to DES, and authentication algorithm to SHA1-HMAC-96.

[DeviceC] ipsec proposal tran1

[DeviceC-ipsec-proposal-tran1] encapsulation-mode transport

[DeviceC-ipsec-proposal-tran1] transform esp

[DeviceC-ipsec-proposal-tran1] esp encryption-algorithm des

[DeviceC-ipsec-proposal-tran1] esp authentication-algorithm sha1

[DeviceC-ipsec-proposal-tran1] quit

# Create an IPsec policy named policy001, specify the manual mode for it, and configure the SPIs of the
inbound and outbound SAs as 123456, and the keys for the inbound and outbound SAs using ESP as

abcdefg.

[DeviceC] ipsec policy policy001 10 manual

[DeviceC-ipsec-policy-manual-policy001-10] proposal tran1

[DeviceC-ipsec-policy-manual-policy001-10] sa spi outbound esp 12345

[DeviceC-ipsec-policy-manual-policy001-10] sa spi inbound esp 12345

[DeviceC-ipsec-policy-manual-policy001-10] sa string-key outbound esp abcdefg

[DeviceC-ipsec-policy-manual-policy001-10] sa string-key inbound esp abcdefg

[DeviceC-ipsec-policy-manual-policy001-10] quit

# Apply IPsec policy policy001 to the RIPng process.

[DeviceC] ripng 1

[DeviceC-ripng-1] ipsec-policy policy001

[DeviceC-ripng-1] quit

Verification

After above configuration, Device A, Device B, and Device C learn IPv6 routing information through

RIPng. SAs are set up successfully, and the IPsec tunnel between two peers is up for protecting the RIPng

packets.
Using the display ripng command on Device A, you will see the running status and configuration

information of the specified RIPng process. The output shows that IPsec policy policy001 is applied to this

process successfully.

display ripng 1

RIPng process : 1

Preference : 100

Checkzero : Enabled

Default Cost : 0

Maximum number of balanced paths : 8

Update time : 30 sec(s) Timeout time : 180 sec(s)

Suppress time : 120 sec(s) Garbage-Collect time : 120 sec(s)

Number of periodic updates sent : 186

Number of trigger updates sent : 1

IPsec policy name: policy001, SPI: 12345

Using the display ipsec sa command on Device A, you will see the information about the inbound and
outbound SAs.

display ipsec sa

===============================

Protocol: RIPng

===============================