Manualshelf

HP VPN Firewall Appliances VPN Configuration Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
191192193194195196197198199200
191
PING 172.17.17.1: 56 data bytes, press CTRL_C to break
Reply from 172.17.17.1: bytes=56 Sequence=1 ttl=255 time=15 ms
Reply from 172.17.17.1: bytes=56 Sequence=2 ttl=255 time=10 ms
Reply from 172.17.17.1: bytes=56 Sequence=3 ttl=255 time=10 ms
Reply from 172.17.17.1: bytes=56 Sequence=4 ttl=255 time=5 ms
Reply from 172.17.17.1: bytes=56 Sequence=5 ttl=255 time=4 ms
--- 172.17.17.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 4/8/15 ms
Similarly, you can view the information on Firewall A. (Details not shown.)
IPsec for RIPng configuration example
The IPsec configuration procedures for protecting OSPFv3 and IPv6 BGP are similar. For more
information about RIPng, OSPFv3, and IPv6 BGP, see Network Management Configuration Guide.
Network requirements
As shown in Figure 130, Firewall A, Firewall B, and Firewall C are connected. They learn IPv6 routing
information through RIPng.
Configure IPsec for RIPng so that RIPng packets exchanged between the firewalls are transmitted through
an IPsec tunnel. Configure IPsec to use the security protocol ESP, the encryption algorithm DES, and the
authentication algorithm SHA1-HMAC-96.
Figure 130 Network diagram
Configuration considerations
Perform the following configuration tasks:
Configure basic RIPng parameters.
Configure a manual IPsec policy.
Apply the IPsec policy to a RIPng process to protect RIPng packets in this process or to an interface
to protect RIPng packets traveling through the interface.
Configuration procedure
1. Configure Firewall A:
# Assign an IPv6 address to each interface. (Details not shown.)
# Create a RIPng process and enable it on GigabitEthernet 0/1.
<FirewallA> system-view
[FirewallA] ripng 1
[FirewallA-ripng-1] quit
[FirewallA] interface gigabitethernet 0/1