R3721-F3210-F3171-HP High-End Firewalls VPN Configuration Guide-6PW101
185
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Enter tunnel interface view.
interface tunnel number N/A
3. Apply a QoS policy to the
IPsec tunnel interface.
qos apply policy policy-name
{ inbound | outbound }
For more information about this
command, see Network
Management Command
Reference.
Configuring IPsec for IPv6 routing protocols
NOTE:
The IPsec for IPv6 routing protocols configuration is available only at the CLI.
The following is the generic configuration procedure for configuring IPsec for IPv6 routing protocols:
1. Configure an IPsec proposal to specify the security protocols, authentication and encryption
algorithms, and encapsulation mode.
2. Configure a manual IPsec policy to specify the keys and SPI.
3. Apply the IPsec policy to an IPv6 routing protocol.
Complete the following tasks to configure IPsec for IPv6 routing protocols:
Task Remarks
Configuring an IPsec proposal Required.
Configuring a manual IPsec policy
Required.
ACLs and IPsec tunnel addresses are not needed.
Applying an IPsec policy to an IPv6 routing
protocol
Required.
See Network Management Configuration Guide.
Configuring IPsec stateful failover
CAUTION:
In an IPsec stateful failover scenario, these restrictions apply:
• VRRP must work in the standard protocol mode.
• Only the active/standby stateful failover mode is supported; the active/active mode is not.
• RSA signature authentication is not supported in IKE negotiation.
• The keepalive mechanism for IKE to maintain the link status of ISAKMP SAs is not supported.
• The IPsec stateful failover configuration is available only at the CLI.
Configuration prerequisites
Before you configure IPsec stateful failover, complete the following configurations on the two devices: