R2511-HP MSR Router Series Security Configuration Guide(V5)
197
• Apply the IPsec policy to a RIPng process to protect RIPng packets in this process or to an interface
to protect RIPng packets traveling through the interface.
Configuration procedure
1. Configure Router A:
# Assign an IPv6 address to each interface. (Details not shown.)
# Create a RIPng process and enable it on Ethernet 1/1.
<RouterA> system-view
[RouterA] ripng 1
[RouterA-ripng-1] quit
[RouterA] interface ethernet 1/1
[RouterA-Ethernet1/1] ripng 1 enable
[RouterA-Ethernet1/1] quit
# Create an IPsec transform set named tran1, and set the encapsulation mode to transport mode,
the security protocol to ESP, the encryption algorithm to DES, and authentication algorithm to
SHA1-HMAC-96.
[RouterA] ipsec transform-set tran1
[RouterA-ipsec-transform-set-tran1] encapsulation-mode transport
[RouterA-ipsec-transform-set-tran1] transform esp
[RouterA-ipsec-transform-set-tran1] esp encryption-algorithm des
[RouterA-ipsec-transform-set-tran1] esp authentication-algorithm sha1
[RouterA-ipsec-transform-set-tran1] quit
# Create an IPsec policy named policy001, specify the manual mode for it, set the SPIs of the
inbound and outbound SAs to 123456, and the keys for the inbound and outbound SAs using ESP
to abcdefg.
[RouterA] ipsec policy policy001 10 manual
[RouterA-ipsec-policy-manual-policy001-10] transform-set tran1
[RouterA-ipsec-policy-manual-policy001-10] sa spi outbound esp 123456
[RouterA-ipsec-policy-manual-policy001-10] sa spi inbound esp 123456
[RouterA-ipsec-policy-manual-policy001-10] sa string-key outbound esp abcdefg
[RouterA-ipsec-policy-manual-policy001-10] sa string-key inbound esp abcdefg
[RouterA-ipsec-policy-manual-policy001-10] quit
# Apply IPsec policy policy001 to the RIPng process.
[RouterA] ripng 1
[RouterA-ripng-1] enable ipsec-policy policy001
[RouterA-ripng-1] quit
2. Configure Router B:
# Assign an IPv6 address to each interface. (Details not shown.)
# Create a RIPng process and enable it on Ethernet 1/1 and Ethernet 1/2.
<RouterB> system-view
[RouterB] ripng 1
[RouterB-ripng-1] quit
[RouterB] interface ethernet 1/1
[RouterB-Ethernet1/1] ripng 1 enable
[RouterB-Ethernet1/1] quit
[RouterB] interface ethernet 1/2
[RouterB-Ethernet1/2] ripng 1 enable