Configuring ripng ipsec policies, Network requirements, Configuration procedure – H3C Technologies H3C SecPath F1000-E User Manual

750

Configuring RIPng IPsec policies

Network requirements

As shown in

Figure 382

,

•

Configure RIPng on the firewalls.

•

Configure IPsec policies on the firewalls to authenticate and encrypt protocol packets.

Figure 382 Network diagram

Configuration procedure

1.

Configure IPv6 addresses for interfaces. (Details not shown.)

2.

Configure RIPng basic functions:
# Configure SecPath A.

system-view

[SecPathA] ripng 1

[SecPathA-ripng-1] quit

[SecPathA] interface GigabitEthernet 0/1

[SecPathA-GigabitEthernet0/1] ripng 1 enable

[SecPathA-GigabitEthernet0/1] quit

# Configure SecPath B.

system-view

[SecPathB] ripng 1

[SecPathB-ripng-1] quit

[SecPathB] interface GigabitEthernet 0/1

[SecPathB-GigabitEthernet0/1] ripng 1 enable

[SecPathB-GigabitEthernet0/1] quit

[SecPathB] interface GigabitEthernet 0/2

[SecPathB-GigabitEthernet0/2] ripng 1 enable

[SecPathB-GigabitEthernet0/2] quit

# Configure SecPath C.

system-view

[SecPathC] ripng 1

[SecPathC-ripng-1] quit

[SecPathC] interface GigabitEthernet 0/1

[SecPathC-GigabitEthernet0/1] ripng 1 enable

[SecPathC-GigabitEthernet0/1] quit

3.

Configure RIPng IPsec policies:
# On SecPath A, create an IPsec proposal named tran1, and set the encapsulation mode to
transport mode, the security protocol to ESP, the encryption algorithm to DES, and authentication
algorithm to SHA1; create an IPsec policy named policy001, specify the manual mode for it,

reference IPsec proposal tran1, set the SPIs of the inbound and outbound SAs to 12345, and the

keys for the inbound and outbound SAs using ESP to abcdefg.