beautypg.com

Ipsec for ripng configuration example, Network requirements, Configuation considerations – H3C Technologies H3C SecPath F1000-E User Manual

Page 219: Configuring secpath a

background image

207

Reply from 172.17.17.1: bytes=56 Sequence=3 ttl=255 time=10 ms

Reply from 172.17.17.1: bytes=56 Sequence=4 ttl=255 time=5 ms

Reply from 172.17.17.1: bytes=56 Sequence=5 ttl=255 time=4 ms

--- 172.17.17.1 ping statistics ---

5 packet(s) transmitted

5 packet(s) received

0.00% packet loss

round-trip min/avg/max = 4/8/15 ms

Similarly, you can view the information on SecPath A. (Details not shown.)

IPsec for RIPng configuration example

NOTE:

The IPsec configuration procedures for protecting OSPFv3 and IPv6 BGP are similar. For more information
about RIPng, OSPFv3, and IPv6 BGP, see

Network Management Configuration Guide.

Network requirements

As shown in

Figure 129

, SecPath A, SecPath B, and SecPath C are connected. They learn IPv6 routing

information through RIPng.
Configure IPsec for RIPng so that RIPng packets exchanged between the routers are transmitted through

an IPsec tunnel. Configure IPsec to use the security protocol ESP, the encryption algorithm DES, and the
authentication algorithm SHA1-HMAC-96.

Figure 129 Network diagram

Configuation considerations

To meet the requirements, perform the following configuration tasks:

Configure basic RIPng parameters.

Configure a manual IPsec policy.

Apply the IPsec policy to a RIPng process to protect RIPng packets in this process or to an interface
to protect RIPng packets traveling through the interface.

Configuring SecPath A

# Assign an IPv6 address to each interface. (Details not shown.)
# Create a RIPng process and enable it on GigabitEthernet 0/1.

system-view

[SecPathA] ripng 1

[SecPathA-ripng-1] quit

[SecPathA] interface GigabitEthernet 0/1

[SecPathA-GigabitEthernet0/1] ripng 1 enable