R2511-HP MSR Router Series Layer 3 - IP Routing Configuration Guide(V5)
377
[RouterC] ipsec proposal tran2
[RouterC-ipsec-proposal-tran2] encapsulation-mode transport
[RouterC-ipsec-proposal-tran2] transform esp
[RouterC-ipsec-proposal-tran2] esp encryption-algorithm des
[RouterC-ipsec-proposal-tran2] esp authentication-algorithm sha1
[RouterC-ipsec-proposal-tran2] quit
[RouterC] ipsec policy policy002 10 manual
[RouterC-ipsec-policy-manual-policy002-10] proposal tran2
[RouterC-ipsec-policy-manual-policy002-10] sa spi outbound esp 54321
[RouterC-ipsec-policy-manual-policy002-10] sa spi inbound esp 54321
[RouterC-ipsec-policy-manual-policy002-10] sa string-key outbound esp gfedcba
[RouterC-ipsec-policy-manual-policy002-10] sa string-key inbound esp gfedcba
[RouterC-ipsec-policy-manual-policy002-10] quit
5. Apply IPsec policies to IBGP peers:
# Configure Router A.
[RouterA] bgp 65008
[RouterA-bgp] ipv6-family
[RouterA-bgp-af-ipv6] peer 1::2 ipsec-policy policy001
[RouterA-bgp-af-ipv6] quit
[RouterA-bgp] quit
# Configure Router B.
[RouterB] bgp 65008
[RouterB-bgp] ipv6-family
[RouterB-bgp-af-ipv6] peer 1::1 ipsec-policy policy001
[RouterB-bgp-af-ipv6] quit
[RouterB-bgp] quit
6. Apply IPsec policies to EBGP peers:
# Configure Router C.
[RouterC] bgp 65009
[RouterC-bgp] ipv6-family
[RouterC-bgp-af-ipv6] peer ebgp ipsec-policy policy002
[RouterC-bgp-af-ipv6] quit
[RouterC-bgp] quit
# Configure Router B.
[RouterB] bgp 65008
[RouterB-bgp] ipv6-family
[RouterB-bgp-af-ipv6] peer ebgp ipsec-policy policy002
[RouterB-bgp-af-ipv6] quit
[RouterB-bgp] quit
7. Verify the configuration:
# Display detailed IPv6 BGP peer information.
[RouterB] display bgp ipv6 peer verbose
BGP Peer is 1::1, remote AS 65008,
Type: IBGP link
BGP version 4, remote router ID 1.1.1.1
BGP current state: Established, Up for 00h01m51s
BGP current event: RecvKeepalive