Configuring IPsec RRI Example - HP A6600 Configuration Manual

Configuring IPsec RRI example

Network requirements
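As shown in Figure 99, an IPsec tunnel is required between Router A and Router B to protect the traffic
between the headquarters and the branch. Configure the tunnel to use the security protocol ESP, the
encryption algorithm DES, and the authentication algorithm SHA1-HMAC-96. Use IKE for automatic SA
negotiation.
Configure IPsec RRI on Router A to automatically create a static route to the branch based on the
established IPsec SAs. Specify the next hop of the route as 1.1.1.2.
Figure 99 Network diagram for configuring IPsec RRI
[Diagram: Host A (10.4.4.4/24, headquarters) - Router A (GE1/0/2 10.4.4.1/24, GE1/0/1 1.1.1.1/16) -
Internet - Router B (GE1/0/1 2.2.2.2/16, GE1/0/2 10.5.5.1/24) - Host B (10.5.5.5/24, branch)]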
Assign IPv4 addresses to the interfaces on the routers. Make sure that Router A and Router B can reach
each other.
Configuration procedure
1. Configure Router A.
# Configure ACL 3101 to identify traffic from subnet 10.4.4.0/24 to subnet 10.5.5.0/24.
<RouterA> system-view
[RouterA] acl number 3101
[RouterA-acl-adv-3101] rule permit ip source 10.4.4.0 0.0.0.255 destination 10.5.5.0 0.0.0.255
[RouterA-acl-adv-3101] quit
# Create IPsec proposal tran1.
[RouterA] ipsec proposal tran1
# Set the packet encapsulation mode to tunnel.
[RouterA-ipsec-proposal-tran1] encapsulation-mode tunnel
# Use ESP as the security protocol.
[RouterA-ipsec-proposal-tran1] transform esp
# Use DES as the encryption algorithm and SHA1-HMAC-96 as the authentication algorithm.
[RouterA-ipsec-proposal-tran1] esp encryption-algorithm des
[RouterA-ipsec-proposal-tran1] esp authentication-algorithm sha1
[RouterA-ipsec-proposal-tran1] quit
# Create IKE peer peer.
[RouterA] ike peer peer
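
An added example, not taken from the HP manual: a Python check that reads a CLI transcript in the format shown above and reports which algorithms each IPsec proposal selects, flagging the DES and SHA-1 settings this example configures. The function name audit_proposals and the policy table are assumptions of this example, and the sample transcript is constructed from the commands on this page.

```python
import re

# Constructed sample: Router A's proposal commands as shown on this page.
SAMPLE = """\
# Create IPsec proposal tran1.
[RouterA] ipsec proposal tran1
[RouterA-ipsec-proposal-tran1] encapsulation-mode tunnel
[RouterA-ipsec-proposal-tran1] transform esp
[RouterA-ipsec-proposal-tran1] esp encryption-algorithm des
[RouterA-ipsec-proposal-tran1] esp authentication-algorithm sha1
[RouterA-ipsec-proposal-tran1] quit
"""

# Assumed audit policy (this example's choice, not the manual's).
POLICY = {
    ("encryption", "des"): "FAIL: DES uses a 56-bit key",
    ("authentication", "sha1"): "WARN: SHA-1 HMAC is a legacy choice",
}
LINE = re.compile(r"^\[(?P<prompt>[^\]]+)\]\s*(?P<cmd>.+)$")


def audit_proposals(transcript):
    """Map each IPsec proposal in a CLI transcript to its settings and findings."""
    report = {}
    for raw in transcript.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # "# ..." comment lines and command output
        _, sep, name = m.group("prompt").partition("-ipsec-proposal-")
        if not sep:
            continue  # typed outside an IPsec proposal view
        entry = report.setdefault(name, {"settings": {}, "findings": []})
        words = m.group("cmd").split()
        if len(words) == 3 and words[0] == "esp" and words[1].endswith("-algorithm"):
            kind = words[1][: -len("-algorithm")]
            entry["settings"][kind] = words[2]
            if (kind, words[2]) in POLICY:
                entry["findings"].append(POLICY[(kind, words[2])])
        elif len(words) == 2 and words[0] in ("encapsulation-mode", "transform"):
            entry["settings"][words[0]] = words[1]
    for entry in report.values():  # ESP selected but an algorithm never set
        if entry["settings"].get("transform") == "esp":
            for kind in ("encryption", "authentication"):
                if kind not in entry["settings"]:
                    entry["findings"].append(f"WARN: ESP {kind} algorithm not set explicitly")
    return report


if __name__ == "__main__":
    for name, entry in audit_proposals(SAMPLE).items():
        print(name, entry["settings"], *entry["findings"], sep="\n  ")
```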