R2511-HP MSR Router Series Security Configuration Guide(V5)
199
[RouterC-ipsec-policy-manual-policy001-10] sa spi outbound esp 123456
[RouterC-ipsec-policy-manual-policy001-10] sa spi inbound esp 123456
[RouterC-ipsec-policy-manual-policy001-10] sa string-key outbound esp abcdefg
[RouterC-ipsec-policy-manual-policy001-10] sa string-key inbound esp abcdefg
[RouterC-ipsec-policy-manual-policy001-10] quit
# Apply IPsec policy policy001 to the RIPng process.
[RouterC] ripng 1
[RouterC-ripng-1] enable ipsec-policy policy001
[RouterC-ripng-1] quit
4. Verify the configuration:
After the configuration, Router A, Router B, and Router C learn IPv6 routing information through
RIPng. SAs are set up successfully, and the IPsec tunnel between two peers is up for protecting the
RIPng packets.
# Execute the display ripng command on Router A to view the running status and configuration
information of the specified RIPng process. The output shows that IPsec policy policy001 is applied
to this process successfully.
<RouterA> display ripng 1
RIPng process : 1
Preference : 100
Checkzero : Enabled
Default Cost : 0
Maximum number of balanced paths : 8
Update time : 30 sec(s) Timeout time : 180 sec(s)
Suppress time : 120 sec(s) Garbage-Collect time : 120 sec(s)
Number of periodic updates sent : 186
Number of trigger updates sent : 1
IPsec policy name: policy001, SPI: 123456
# Execute the display ipsec sa command on Router A to view the information about the inbound
and outbound SAs.
<RouterA> display ipsec sa
===============================
Protocol: RIPng
===============================
-----------------------------
IPsec policy name: "policy001"
sequence number: 10
acl version: none
mode: manual
-----------------------------
PFS: N, DH group: none
tunnel:
flow:
[inbound ESP SAs]
spi: 0x3039(123456)
transform: ESP-ENCRYPT-DES ESP-AUTH-SHA1