Configuration prerequisites, Configuration procedure – H3C Technologies H3C SecPath F1000-E User Manual

Configure the keys on all routers within the routed network scope in the same format. For example, if you enter the keys in hexadecimal format on one router, do so across the routed network scope.

Configuration prerequisites

Configure ACLs used for identifying protected traffic and IPsec proposals. ACLs are not required for IPsec policies for an IPv6 protocol.

Configuration procedure

To configure a manual IPsec policy:

Step 1. Enter system view.
    Command: system-view
    Remarks: N/A

Step 2. Create a manual IPsec policy and enter its view.
    Command: ipsec policy policy-name seq-number manual
    Remarks: By default, no IPsec policy exists.

Step 3. Assign an ACL to the IPsec policy.
    Command: security acl acl-number
    Remarks: Not needed for IPsec policies to be applied to IPv6 routing protocols and required for other applications. By default, an IPsec policy references no ACL. The ACL supports match criteria of the VPN instance attribute. An IPsec policy can reference only one ACL. If you apply multiple ACLs to an IPsec policy, only the last one takes effect.

Step 4. Assign an IPsec proposal to the IPsec policy.
    Command: proposal proposal-name
    Remarks: By default, an IPsec policy references no IPsec proposal. A manual IPsec policy can reference only one IPsec proposal. To change an IPsec proposal for an IPsec policy, you must remove the proposal reference first.

Step 5. Configure the local address of the tunnel.
    Command: tunnel local ip-address
    Remarks: Not needed for IPsec policies to be applied to IPv6 routing protocols and required for other applications. Not configured by default.

Step 6. Configure the remote address of the tunnel.
    Command: tunnel remote ip-address
    Remarks: Not configured by default.

Step 7. Configure the SPIs for the SAs.
    Command: sa spi { inbound | outbound } { ah | esp } spi-number
    Remarks: N/A
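An added example, not taken from the H3C manual: a Python check over the constructed configurations of two tunnel peers. It flags a policy where more than one ACL was entered (only the last takes effect, per step 3), and tunnel addresses or SPIs that do not mirror between the peers. The mirroring rule (one peer's outbound SPI is the other peer's inbound SPI) is general manual-keying behavior assumed here; the policy names, ACL numbers, addresses and SPI values are made up.

```python
# Constructed sample configs; all names, numbers and addresses are made up.
PEER_A = """\
ipsec policy map1 10 manual
 security acl 3100
 security acl 3101
 proposal tran1
 tunnel local 192.0.2.1
 tunnel remote 198.51.100.1
 sa spi outbound esp 12345
 sa spi inbound esp 54321
"""
PEER_B = """\
ipsec policy map1 10 manual
 security acl 3101
 proposal tran1
 tunnel local 198.51.100.1
 tunnel remote 192.0.2.1
 sa spi outbound esp 54321
 sa spi inbound esp 11111
"""

def parse_policy(text):
    """Collect the ACL, tunnel address and SPI settings of one policy."""
    p = {"acl": [], "local": None, "remote": None, "spi": {}}
    for w in (line.split() for line in text.splitlines()):
        if w[:2] == ["security", "acl"]:
            p["acl"].append(w[2])
        elif w[:2] in (["tunnel", "local"], ["tunnel", "remote"]):
            p[w[1]] = w[2]
        elif w[:2] == ["sa", "spi"]:
            p["spi"][(w[2], w[3])] = int(w[4])  # key: (direction, protocol)
    return p

def audit(a, b):
    """Return a list of findings for a pair of parsed peer policies."""
    out = []
    for name, p in (("A", a), ("B", b)):
        if len(p["acl"]) > 1:  # step 3: only the last ACL takes effect
            out.append(f"{name}: only ACL {p['acl'][-1]} takes effect")
    if (a["local"], a["remote"]) != (b["remote"], b["local"]):
        out.append("tunnel local/remote addresses are not mirrored")
    for proto in ("ah", "esp"):
        for src, dst, label in ((a, b, "A->B"), (b, a, "B->A")):
            tx = src["spi"].get(("outbound", proto))
            rx = dst["spi"].get(("inbound", proto))
            if tx != rx:  # sender's outbound SPI must be receiver's inbound SPI
                out.append(f"{label} {proto} SPI mismatch: outbound {tx}, inbound {rx}")
    return out
```
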