R2511-HP MSR Router Series Security Configuration Guide(V5)
196
spi: 0x8CF16C54(2364632148)
transform: ESP-ENCRYPT-DES ESP-AUTH-MD5
in use setting: Tunnel
connection id: 2
sa duration (kilobytes/sec): 1843200/3600
sa remaining duration (kilobytes/sec): 1843199/3503
anti-replay detection: Enabled
anti-replay window size(counter based) : 32
udp encapsulation used for nat traversal: N
# On Router B, ping the IP address of the interface on Router A that connects to the branch.
[RouterB] ping -a 192.168.1.1 172.17.17.1
PING 172.17.17.1: 56 data bytes, press CTRL_C to break
Reply from 172.17.17.1: bytes=56 Sequence=1 ttl=255 time=15 ms
Reply from 172.17.17.1: bytes=56 Sequence=2 ttl=255 time=10 ms
Reply from 172.17.17.1: bytes=56 Sequence=3 ttl=255 time=10 ms
Reply from 172.17.17.1: bytes=56 Sequence=4 ttl=255 time=5 ms
Reply from 172.17.17.1: bytes=56 Sequence=5 ttl=255 time=4 ms
--- 172.17.17.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 4/8/15 ms
Similarly, you can view the information on Router A. (Details not shown.)
Configuring IPsec for RIPng
The IPsec configuration procedures for protecting OSPFv3 and IPv6 BGP are similar. For more
information about RIPng, OSPFv3, and IPv6 BGP, see Layer 3—IP Routing Configuration Guide.
Network requirements
As shown in Figure 60, Router A, Router B, and Router C are connected. They learn IPv6 routing
information through RIPng.
Configure IPsec for RIPng so that RIPng packets exchanged between the routers are transmitted through
an IPsec tunnel. Configure IPsec to use the security protocol ESP, the encryption algorithm DES, and the
authentication algorithm SHA1-HMAC-96.
Figure 60 Network diagram
Configuration considerations
Perform the following configuration tasks:
• Configure basic RIPng parameters.
• Configure a manual IPsec policy.