Displaying and maintaining IPsec ······························································································································ 240
IPsec configuration examples······································································································································ 241
Configuring IPsec for RIPng ································································································································ 246
Configuring IKE ······················································································································································· 250
Overview ······································································································································································· 250
IKE negotiation process ······································································································································ 250
IKE security mechanism ······································································································································· 251
Protocols and standards ····································································································································· 252
FIPS compliance ··························································································································································· 252
IKE configuration prerequisites ··································································································································· 252
IKE configuration task list ············································································································································ 252
Configuring an IKE profile ·········································································································································· 253
Configuring an IKE proposal ······································································································································ 255
Configuring an IKE keychain ······································································································································ 256
Configuring IKE DPD···················································································································································· 259
Enabling invalid SPI recovery ····································································································································· 260
Displaying and maintaining IKE ································································································································· 261
IKE configuration examples ········································································································································ 262
Verifying the configuration ································································································································· 264
Troubleshooting IKE ····················································································································································· 264
Configuring SSH ····················································································································································· 269
Overview ······································································································································································· 269
How SSH works ··················································································································································· 269
SSH authentication methods ······························································································································· 270
FIPS compliance ··························································································································································· 271
Generating local key pairs ································································································································· 272
Configuring NETCONF over SSH ····················································································································· 274
Configuring an SSH user ···································································································································· 276
vi