H3C Technologies H3C SecPath F1000-E User Manual
Page 805
780
[SecPathB] ipv6
[SecPathB] ospfv3 1
[SecPathB-ospfv3-1] router-id 2.2.2.2
[SecPathB-ospfv3-1] quit
[SecPathB] interface GigabitEthernet 0/2
[SecPathB-GigabitEthernet0/2] ospfv3 1 area 1
[SecPathB-GigabitEthernet0/2] quit
[SecPathB] interface GigabitEthernet 0/1
[SecPathB-GigabitEthernet0/1] ospfv3 1 area 0
[SecPathB-GigabitEthernet0/1] quit
# Configure SecPath C: enable OSPFv3 and configure the router ID as 3.3.3.3.
[SecPathC] ipv6
[SecPathC] ospfv3 1
[SecPathC-ospfv3-1] router-id 3.3.3.3
[SecPathC-ospfv3-1] quit
[SecPathC] interface GigabitEthernet 0/1
[SecPathC-GigabitEthernet0/1] ospfv3 1 area 0
[SecPathC-GigabitEthernet0/1] quit
3.
Configure OSPFv3 IPsec policies:
# On SecPath A, create an IPsec proposal named tran1, and set the encapsulation mode to
transport mode, the security protocol to ESP, the encryption algorithm to DES, and authentication
algorithm to SHA1; create an IPsec policy named policy001, specify the manual mode for it,
reference IPsec proposal tran1, set the SPIs of the inbound and outbound SAs to 12345, and the
keys for the inbound and outbound SAs using ESP to abcdefg.
[SecPathA] ipsec proposal tran1
[SecPathA-ipsec-proposal-tran1] encapsulation-mode transport
[SecPathA-ipsec-proposal-tran1] transform esp
[SecPathA-ipsec-proposal-tran1] esp encryption-algorithm des
[SecPathA-ipsec-proposal-tran1] esp authentication-algorithm sha1
[SecPathA-ipsec-proposal-tran1] quit
[SecPathA] ipsec policy policy001 10 manual
[SecPathA-ipsec-policy-manual-policy001-10] proposal tran1
[SecPathA-ipsec-policy-manual-policy001-10] sa spi outbound esp 12345
[SecPathA-ipsec-policy-manual-policy001-10] sa spi inbound esp 12345
[SecPathA-ipsec-policy-manual-policy001-10] sa string-key outbound esp abcdefg
[SecPathA-ipsec-policy-manual-policy001-10] sa string-key inbound esp abcdefg
[SecPathA-ipsec-policy-manual-policy001-10] quit
# On SecPath B, create an IPsec proposal named tran1, and set the encapsulation mode to
transport mode, the security protocol to ESP, the encryption algorithm to DES, and authentication
algorithm to SHA1; create an IPsec policy named policy001, specify the manual mode for it,
reference IPsec proposal tran1, set the SPIs of the inbound and outbound SAs to 12345, and the
keys for the inbound and outbound SAs using ESP to abcdefg; create an IPsec proposal named
tran2, and set the encapsulation mode to transport mode, the security protocol to ESP, the
encryption algorithm to DES, and authentication algorithm to SHA1; create an IPsec policy named
policy002, specify the manual mode for it, reference IPsec proposal tran2, set the SPIs of the
- H3C SecPath F5000-A5 Firewall H3C SecPath F1000-A-EI H3C SecPath F1000-E-SI H3C SecPath F1000-S-AI H3C SecPath F5000-S Firewall H3C SecPath F5000-C Firewall H3C SecPath F100-C-SI H3C SecPath F1000-C-SI H3C SecPath F100-A-SI H3C SecBlade FW Cards H3C SecBlade FW Enhanced Cards H3C SecPath U200-A U200-M U200-S H3C SecPath U200-CA U200-CM U200-CS H3C SecBlade LB Cards H3C SecPath L1000-A Load Balancer