F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices Network Management Configuration Guide-6PW100

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module

781

782

783

784

785

786

787

788

789

790

762

893BConfiguring RIPng IPsec policies

1733BNetwork requirements

As shown in the following figure,

• Configure RIPng on the devices.

• Configure IPsec policies on the devices to authenticate and encrypt protocol packets.

Figure 391 Network diagram

1734BConfiguration procedure

1. Configure IPv6 addresses for interfaces. (Details not shown.)

2. Configure RIPng basic functions:

# Configure Router A.

<RouterA> system-view

[RouterA] ripng 1

[RouterA-ripng-1] quit

[RouterA] interface gigabitethernet 0/1

[RouterA-GigabitEthernet0/1] ripng 1 enable

[RouterA-GigabitEthernet0/1] quit

# Configure Router B.

<RouterB> system-view

[RouterB] ripng 1

[RouterB-ripng-1] quit

[RouterB] interface gigabitethernet 0/1

[RouterB-GigabitEthernet0/1] ripng 1 enable

[RouterB-GigabitEthernet0/1] quit

[RouterB] interface gigabitethernet 0/2

[RouterB-GigabitEthernet0/2] ripng 1 enable

[RouterB-GigabitEthernet0/2] quit

# Configure Firewall.

<Firewall> system-view

[Firewall] ripng 1

[Firewall-ripng-1] quit

[Firewall] interface gigabitethernet 0/1

[Firewall-GigabitEthernet0/1] ripng 1 enable

[Firewall-GigabitEthernet0/1] quit

3. Configure RIPng IPsec policies:

# On Router A, create an IPsec proposal named tran1, and set the encapsulation mode to

transport mode, the security protocol to ESP, the encryption algorithm to DES, and authentication

algorithm to SHA1. Create an IPsec policy named policy001, specify the manual mode for it,

reference IPsec proposal tran1, set the SPIs of the inbound and outbound SAs to 12345, and the

keys for the inbound and outbound SAs using ESP to abcdefg.