Failed to obtain CRLs ·········································································································································· 167
Failed to export certificates ································································································································ 168
Failed to set the storage path ····························································································································· 169
Configuring IPsec ···················································································································································· 170
Overview ······································································································································································· 170
Security association ············································································································································· 172
Authentication and encryption ··························································································································· 172
IPsec implementation ··········································································································································· 173
IPsec RRI································································································································································ 174
Protocols and standards ····································································································································· 175
FIPS compliance ··························································································································································· 175
IPsec tunnel establishment ··········································································································································· 176
Implementing ACL-based IPsec ··································································································································· 176
Configuring an ACL ············································································································································ 177
Enabling QoS pre-classify ·································································································································· 189
Configuring IPsec RRI ·········································································································································· 191
Configuration task list ········································································································································· 192
Displaying and maintaining IPsec ······························································································································ 194
IPsec configuration examples······································································································································ 195
Configuring IPsec for RIPng ································································································································ 205
Configuring IPsec RRI ·········································································································································· 208
Configuring IKE ······················································································································································· 213
Overview ······································································································································································· 213
IKE negotiation process ······································································································································ 213
IKE security mechanism ······································································································································· 214
Protocols and standards ····································································································································· 215
FIPS compliance ··························································································································································· 215
IKE configuration prerequisites ··································································································································· 215
IKE configuration task list ············································································································································ 215
Configuring an IKE profile ·········································································································································· 216
Configuring an IKE proposal ······································································································································ 218
Configuring an IKE keychain ······································································································································ 219
iv