Configuring secpath c, Verifying the configuration – H3C Technologies H3C SecPath F1000-E User Manual

Page 221

209

[SecPathB-ipsec-policy-manual-policy001-10] proposal tran1

[SecPathB-ipsec-policy-manual-policy001-10] sa spi outbound esp 123456

[SecPathB-ipsec-policy-manual-policy001-10] sa spi inbound esp 123456

[SecPathB-ipsec-policy-manual-policy001-10] sa string-key outbound esp abcdefg

[SecPathB-ipsec-policy-manual-policy001-10] sa string-key inbound esp abcdefg

[SecPathB-ipsec-policy-manual-policy001-10] quit

# Apply IPsec policy policy001 to the RIPng process.

[SecPathB] ripng 1

[SecPathB-ripng-1] enable ipsec-policy policy001

[SecPathB-ripng-1] quit

Configuring SecPath C

# Assign an IPv6 address to each interface. (Details not shown.)
# Create a RIPng process and enable it on GigabitEthernet 0/1.

system-view

[SecPathC] ripng 1

[SecPathC-ripng-1] quit

[SecPathC] interface GigabitEthernet 0/1

[SecPathC-GigabitEthernet0/1] ripng 1 enable

[SecPathC-GigabitEthernet0/1] quit

# Create an IPsec proposal named tran1, and set the encapsulation mode to transport mode, the security
protocol to ESP, the encryption algorithm to DES, and authentication algorithm to SHA1-HMAC-96.

[SecPathC] ipsec proposal tran1

[SecPathC-ipsec-proposal-tran1] encapsulation-mode transport

[SecPathC-ipsec-proposal-tran1] transform esp

[SecPathC-ipsec-proposal-tran1] esp encryption-algorithm des

[SecPathC-ipsec-proposal-tran1] esp authentication-algorithm sha1

[SecPathC-ipsec-proposal-tran1] quit

# Create an IPsec policy named policy001, specify the manual mode for it, and configure the SPIs of the
inbound and outbound SAs as 123456, and the keys for the inbound and outbound SAs using ESP as
abcdefg.

[SecPathC] ipsec policy policy001 10 manual

[SecPathC-ipsec-policy-manual-policy001-10] proposal tran1

[SecPathC-ipsec-policy-manual-policy001-10] sa spi outbound esp 123456

[SecPathC-ipsec-policy-manual-policy001-10] sa spi inbound esp 123456

[SecPathC-ipsec-policy-manual-policy001-10] sa string-key outbound esp abcdefg

[SecPathC-ipsec-policy-manual-policy001-10] sa string-key inbound esp abcdefg

[SecPathC-ipsec-policy-manual-policy001-10] quit

# Apply IPsec policy policy001 to the RIPng process.

[SecPathC] ripng 1

[SecPathC-ripng-1] enable ipsec-policy policy001

[SecPathC-ripng-1] quit

Verifying the configuration

After the configuration, SecPath A, SecPath B, and SecPath C learn IPv6 routing information through
RIPng. SAs are set up successfully, and the IPsec tunnel between two peers is up for protecting the RIPng

packets.

This manual is related to the following products:

H3C SecPath F5000-A5 Firewall H3C SecPath F1000-A-EI H3C SecPath F1000-E-SI H3C SecPath F1000-S-AI H3C SecPath F5000-S Firewall H3C SecPath F5000-C Firewall H3C SecPath F100-C-SI H3C SecPath F1000-C-SI H3C SecPath F100-A-SI H3C SecBlade FW Cards H3C SecBlade FW Enhanced Cards H3C SecPath U200-A U200-M U200-S H3C SecPath U200-CA U200-CM U200-CS