HP VPN Firewall Appliances Network Management Configuration Guide
779
match, the device accepts the packet. Otherwise, it discards the packet and will not establish a neighbor
relationship with the sending device.
You can configure an IPsec policy for an area, an interface, or a virtual link.
• To implement area-based IPsec protection, configure the same IPsec policy on the routers in the
target area.
• To implement interface-based IPsec protection, configure the same IPsec policy on the interfaces
between two neighboring routers.
• To implement virtual link-based IPsec protection, configure the same IPsec policy on the two routers
connected over the virtual link.
If an interface and its area each have an IPsec policy configured, the interface uses its own IPsec policy.
If a virtual link and area 0 each have an IPsec policy configured, the virtual link uses its own IPsec policy.
Configuration prerequisites
Before applying an IPsec policy for OSPFv3, complete the following tasks:
• Create an IPsec proposal.
• Create an IPsec policy.
For more information about IPsec policy configuration, see Security Configuration Guide.
Configuration procedure
An IPsec policy used for OSPFv3 can only be in manual mode. For more information, see VPN
Configuration Guide
To apply an IPsec policy in an area:
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Enter OSPFv3 view.
ospfv3 [ process-id ] N/A
3. Enter OSPFv3 area view.
area area-id N/A
4. Apply an IPsec policy in the area.
enable ipsec-policy policy-name Not configured by default.
To apply an IPsec policy on an interface:
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Enter interface view.
interface interface-type
interface-number
N/A
3. Apply an IPsec policy on the
interface.
ospfv3 ipsec-policy policy-name
[ instance instance-id ]
Not configured by default.
To apply an IPsec policy on a virtual link:
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Enter OSPFv3 view.
ospfv3 [ process-id ] N/A
3. Enter OSPFv3 area view.
area area-id N/A