R3303-HP HSR6800 Routers Security Configuration Guide

Number of trigger updates sent : 1
IPsec policy name: policy001, SPI: 123456
The output shows that IPsec policy policy001 is applied to the RIPng process successfully.
# Execute the display ipsec sa command on Router A to view the information about the inbound
and outbound SAs.
<RouterA> display ipsec sa
===============================
Protocol: RIPng
===============================
-----------------------------
IPsec policy name: "policy001"
sequence number: 10
acl version: None
mode: manual
-----------------------------
PFS: N, DH group: none
tunnel:
flow:
[inbound ESP SAs]
spi: 0x3039(123456)
transform: ESP-ENCRYPT-DES ESP-AUTH-SHA1
in use setting: Transport
connection id: 13
No duration limit for this sa
[outbound ESP SAs]
spi: 0x3039(123456)
transform: ESP-ENCRYPT-DES ESP-AUTH-SHA1
in use setting: Transport
connection id: 14
No duration limit for this sa
Similarly, you can view the information on Router B and Router C. (Details not shown.)
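
The SA output above can also be checked mechanically. The following added example (not part of the HP guide) parses the SA section of the display ipsec sa output and reports the settings that weaken the SAs: manual keying, DES encryption, and no SA duration limit. The sample text is constructed from the output shown above, and the names parse_sas and audit are assumptions of this example.

```python
import re

# Added example: parse_sas and audit are this example's own names.
# Constructed sample, abbreviated from the display ipsec sa output above.
SAMPLE = """\
IPsec policy name: "policy001"
mode: manual
[inbound ESP SAs]
spi: 0x3039(123456)
transform: ESP-ENCRYPT-DES ESP-AUTH-SHA1
in use setting: Transport
No duration limit for this sa
[outbound ESP SAs]
spi: 0x3039(123456)
transform: ESP-ENCRYPT-DES ESP-AUTH-SHA1
in use setting: Transport
No duration limit for this sa
"""

def parse_sas(text):
    """Return (policy fields, list of per-SA dicts) from the display output."""
    policy, sas, cur = {}, [], None
    for line in (l.strip() for l in text.splitlines()):
        m = re.fullmatch(r"\[(inbound|outbound) (\w+) SAs\]", line)
        if m:  # a new SA block starts; later fields belong to it
            cur = {"direction": m.group(1), "protocol": m.group(2), "lifetime": True}
            sas.append(cur)
        elif line == "No duration limit for this sa" and cur is not None:
            cur["lifetime"] = False
        elif ":" in line:  # "key: value" field; separator lines have no colon
            key, val = (p.strip() for p in line.split(":", 1))
            (cur if cur is not None else policy)[key] = val.strip('"')
    return policy, sas

def audit(text):
    """List findings for settings that weaken the SAs."""
    policy, sas = parse_sas(text)
    findings = []
    if policy.get("mode") == "manual":
        findings.append("policy: manual mode, keys are static and never renegotiated")
    for sa in sas:
        who = f'{sa["direction"]} {sa["protocol"]}'
        if "ESP-ENCRYPT-DES" in sa.get("transform", "").split():
            findings.append(f"{who}: DES encryption (56-bit key)")
        if not sa["lifetime"]:
            findings.append(f"{who}: no duration limit")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

Run against the sample, the audit reports five findings: one for the manual policy, and a DES finding plus a no-duration-limit finding for each of the two SAs.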
Configuring IPsec RRI
Network requirements
As shown in Figure 94, configure an IPsec tunnel between Router A and Router B to protect the traffic
between the headquarters and the branch. Configure the tunnel to use the security protocol ESP, the
encryption algorithm DES, and the authentication algorithm SHA1-HMAC-96. Use IKE for automatic SA
negotiation.
Configure IPsec RRI on Router A to automatically create a static route to the branch based on the
established IPsec SAs. Specify the next hop of the route as 1.1.1.2.