Manualshelf

F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices VPN Configuration Guide-6PW100

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module
201202203204205206207208209210
199
[FirewallC] ipsec transform-set tran1
[FirewallC-ipsec-transform-set-tran1] encapsulation-mode transport
[FirewallC-ipsec-transform-set-tran1] transform esp
[FirewallC-ipsec-transform-set-tran1] esp encryption-algorithm des
[FirewallC-ipsec-transform-set-tran1] esp authentication-algorithm sha1
[FirewallC-ipsec-transform-set-tran1] quit
# Create an IPsec policy named policy001, specify the manual mode for it, and configure the SPIs
of the inbound and outbound SAs as 123456, and the keys for the inbound and outbound SAs
using ESP as abcdefg.
[FirewallC] ipsec policy policy001 10 manual
[FirewallC-ipsec-policy-manual-policy001-10] transform-set tran1
[FirewallC-ipsec-policy-manual-policy001-10] sa spi outbound esp 123456
[FirewallC-ipsec-policy-manual-policy001-10] sa spi inbound esp 123456
[FirewallC-ipsec-policy-manual-policy001-10] sa string-key outbound esp abcdefg
[FirewallC-ipsec-policy-manual-policy001-10] sa string-key inbound esp abcdefg
[FirewallC-ipsec-policy-manual-policy001-10] quit
# Apply IPsec policy policy001 to the RIPng process.
[FirewallC] ripng 1
[FirewallC-ripng-1] enable ipsec-policy policy001
[FirewallC-ripng-1] quit
4. Verify the configuration:
After the configuration, Firewall A, Firewall B, and Firewall C learn IPv6 routing information
through RIPng. SAs are set up successfully, and the IPsec tunnel between two peers is up for
protecting the RIPng packets.
# Execute the display ripng command on Firewall A to view the running status and configuration
information of the specified RIPng process. The output shows that IPsec policy policy001 is applied
to this process successfully.
<FirewallA> display ripng 1
RIPng process : 1
Preference : 100
Checkzero : Enabled
Default Cost : 0
Maximum number of balanced paths : 8
Update time : 30 sec(s) Timeout time : 180 sec(s)
Suppress time : 120 sec(s) Garbage-Collect time : 120 sec(s)
Number of periodic updates sent : 186
Number of trigger updates sent : 1
IPsec policy name: policy001, SPI: 123456
# Execute the display ipsec sa command on Firewall A to view the information about the inbound
and outbound SAs.
<FirewallA> display ipsec sa
===============================
Protocol: RIPng
===============================
-----------------------------
IPsec policy name: "policy001"