Manualshelf

R3721-F3210-F3171-HP High-End Firewalls VPN Configuration Guide-6PW101

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module
211212213214215216217218219220
202
Reply from 172.17.17.1: bytes=56 Sequence=3 ttl=255 time=10 ms
Reply from 172.17.17.1: bytes=56 Sequence=4 ttl=255 time=5 ms
Reply from 172.17.17.1: bytes=56 Sequence=5 ttl=255 time=4 ms
--- 172.17.17.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 4/8/15 ms
Similarly, you can view the information on Firewall A. (Details not shown.)
IPsec for RIPng configuration example
NOTE:
The IPsec configuration procedures for protecting OSPFv3 and IPv6 BGP are similar. For more information
about RIPng, OSPFv3, and IPv6 BGP, see
Network Management Configuration Guide
.
Network requirements
As shown in Figure 129, Firewall A, Firewall B, and Firewall C are connected. They learn IPv6 routing
information through RIPng.
Configure IPsec for RIPng so that RIPng packets exchanged between the routers are transmitted through
an IPsec tunnel. Configure IPsec to use the security protocol ESP, the encryption algorithm DES, and the
authentication algorithm SHA1-HMAC-96.
Figure 129 Network diagram
Configuation considerations
To meet the requirements, perform the following configuration tasks:
Configure basic RIPng parameters.
Configure a manual IPsec policy.
Apply the IPsec policy to a RIPng process to protect RIPng packets in this process or to an interface
to protect RIPng packets traveling through the interface.
Configuring Firewall A
# Assign an IPv6 address to each interface. (Details not shown.)
# Create a RIPng process and enable it on GigabitEthernet 0/1.
<FirewallA> system-view
[FirewallA] ripng 1
[FirewallA-ripng-1] quit
[FirewallA] interface gigabitethernet 0/1
[FirewallA-GigabitEthernet0/1] ripng 1 enable
[FirewallA-GigabitEthernet0/1] quit