F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices VPN Configuration Guide-6PW100
196
transform-set: ESP-ENCRYPT-DES ESP-AUTH-MD5
sa duration (kilobytes/sec): 1843200/3600
sa remaining duration (kilobytes/sec): 1843199/3503
max sequence-number sent: 6
udp encapsulation used for nat traversal: N
# On Firewall B, ping the IP address of the interface on Firewall A that connects to the branch.
[FirewallB] ping -a 192.168.1.1 172.17.17.1
PING 172.17.17.1: 56 data bytes, press CTRL_C to break
Reply from 172.17.17.1: bytes=56 Sequence=1 ttl=255 time=15 ms
Reply from 172.17.17.1: bytes=56 Sequence=2 ttl=255 time=10 ms
Reply from 172.17.17.1: bytes=56 Sequence=3 ttl=255 time=10 ms
Reply from 172.17.17.1: bytes=56 Sequence=4 ttl=255 time=5 ms
Reply from 172.17.17.1: bytes=56 Sequence=5 ttl=255 time=4 ms
--- 172.17.17.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 4/8/15 ms
Similarly, you can view the information on Firewall A. (Details not shown.)
215BIPsec for RIPng configuration example
The following matrix shows the configuration example and hardware compatibility:
Hardware Exam
p
le a
pp
licable
F1000-A-EI/F1000-S-EI Yes
F1000-E Yes
F5000 Yes
Firewall module Yes
U200-A No
U200-S No
The IPsec configuration procedures for protecting OSPFv3 and IPv6 BGP are similar. For more
information about RIPng, OSPFv3, and IPv6 BGP, see Network Management Configuration Guide.
462BNetwork requirements
As shown in 805HFigure 130, Firewall A, Firewall B, and Firewall C are connected. They learn IPv6 routing
information through RIPng.
Configure IPsec for RIPng so that RIPng packets exchanged between the firewalls are transmitted through
an IPsec tunnel. Configure IPsec to use the security protocol ESP, the encryption algorithm DES, and the
authentication algorithm SHA1-HMAC-96.