H3C Technologies H3C SecPath F1000-E User Manual

812

[SecPathC-ipsec-policy-manual-policy002-10] proposal tran2

[SecPathC-ipsec-policy-manual-policy002-10] sa spi outbound esp 54321

[SecPathC-ipsec-policy-manual-policy002-10] sa spi inbound esp 54321

[SecPathC-ipsec-policy-manual-policy002-10] sa string-key outbound esp gfedcba

[SecPathC-ipsec-policy-manual-policy002-10] sa string-key inbound esp gfedcba

[SecPathC-ipsec-policy-manual-policy002-10] quit

5.

Apply IPsec policies to IBGP peers:
# Configure SecPath A.

[SecPathA] bgp 65008

[SecPathA-bgp] ipv6-family

[SecPathA-bgp-af-ipv6] peer 1::2 ipsec-policy policy001

[SecPathA-bgp-af-ipv6] quit

[SecPathA-bgp] quit

# Configure SecPath B.

[SecPathB] bgp 65008

[SecPathB-bgp] ipv6-family

[SecPathB-bgp-af-ipv6] peer 1::1 ipsec-policy policy001

[SecPathB-bgp-af-ipv6] quit

[SecPathB-bgp] quit

6.

Apply IPsec policies to EBGP peers:
# Configure SecPath C.

[SecPathC] bgp 65009

[SecPathC-bgp] ipv6-family

[SecPathC-bgp-af-ipv6] peer ebgp ipsec-policy policy002

[SecPathC-bgp-af-ipv6] quit

[SecPathC-bgp] quit

# Configure SecPath B.

[SecPathB] bgp 65008

[SecPathB-bgp] ipv6-family

[SecPathB-bgp-af-ipv6] peer ebgp ipsec-policy policy002

[SecPathB-bgp-af-ipv6] quit

[SecPathB-bgp] quit

7.

Verify the configuration;
# Display detailed IPv6 BGP peer information.

[SecPathB] display bgp ipv6 peer verbose

BGP Peer is 1::1, remote AS 65008,

Type: IBGP link

BGP version 4, remote router ID 1.1.1.1

BGP current state: Established, Up for 00h01m51s

BGP current event: RecvKeepalive

BGP last state: OpenConfirm

Port: Local – 1029 Remote - 179

Configured: Active Hold Time: 180 sec Keepalive Time: 60 sec

Received : Active Hold Time: 180 sec

Negotiated: Active Hold Time: 180 sec

Peer optional capabilities:

Peer support bgp multi-protocol extended