R3303-HP 6600/HSR6600 Routers Security Configuration Guide
276
Ste
p
Command
Remarks
3. Assign a private IP address
to the tunnel interface.
• To assign an IPv4 address:
ip address ip-address { mask |
mask-length } [ sub ]
• To assign a global unicast address
or site-local address:
{ ipv6 address { ipv6-address
prefix-length |
ipv6-address/prefix-length }
{ ipv6 address
ipv6-address/prefix-length
eui-64
• To assign a link-local address:
{ ipv6 address auto link-local
{ ipv6 address ipv6-address
link-local
Configure one type of address.
By default, no private IP address
is assigned to a tunnel interface.
4. Set the tunnel mode of the
tunnel interface to IPsec
over IPv4.
tunnel-protocol ipsec { ipv4 | ipv6 }
By default, the tunnel
encapsulation mode is GRE.
5. Specify the source address
or interface of the tunnel
interface.
source { ip-address | interface-type
interface-number }
By default, no source address or
interface is specified for a tunnel
interface.
If you specify an interface, the
tunnel interface will take the
primary IP address of the source
interface.
6. Specify the destination
address of the tunnel
interface.
destination ip-address
Optional for an IKE negotiation
responder, and required for an
IKE negotiation initiator.
By default, no tunnel destination
address is configured.
7. Apply an IPsec profile to
the tunnel interface.
ipsec profile profile-name
The IPsec profile must have been
created and have not been
applied to any DVPN tunnel
interface.
For more information about commands interface tunnel, tunnel-protocol, source and destination, see
Layer 3—IP Services Commands Reference.
An IPsec profile cannot be applied to both an IPsec tunnel interface and a DVPN tunnel interface
simultaneously.
An IPsec tunnel interface can reference only one IPsec profile.
Apply an IPsec profile to only one IPsec tunnel interface. Although an IPsec profile can be applied to
multiple IPsec tunnel interfaces, it takes effect only on the IPsec tunnel interface that goes up first.