Configuration procedure
To configure IPsec RRI:
Step
1.
Enter system view.
2.
Enter IPsec policy view or
IPsec policy template view.
3.
Enable IPsec RRI.
4.
Optional.) Set the preference
value for the static routes
created by IPsec RRI.
5.
(Optional.) Set the tag value
for the static routes created
by IPsec RRI.
Configuring IPsec for IPv6 routing protocols
Configuration task list
Complete the following tasks to configure IPsec for IPv6 routing protocols:
Tasks at a glance
(Required.)
(Required.)
(Required.) Applying the IPsec profile to an IPv6 routing protocol (see Layer 3—IP Routing Configuration
Guide)
(Optional.)
Enabling logging of IPsec packets
(Optional.)
Configuring SNMP notifications for IPsec
Configuring a manual IPsec profile
A manual IPsec profile is similar to a manual IPsec policy. The difference is that an IPsec profile is
uniquely identified by a name and it does not support ACL configuration. A manual IPsec profile
specifies the IPsec transform set used for protecting data flows, and the SPIs and keys used by the
SAs.
When you configure a manual IPsec profile, make sure the IPsec profile configuration at both tunnel
ends meets the following requirements:
Configuring an IPsec transform set
Configuring a manual IPsec profile
Command
system-view
•
To enter IPsec policy view:
ipsec { policy | ipv6-policy }
policy-name seq-number
isakmp
•
To enter IPsec policy template
view:
ipsec { policy-template |
ipv6-policy-template }
template-name seq-number
reverse-route dynamic
reverse-route preference number
reverse-route tag tag-value
309
Remarks
N/A
N/A
By default, IPsec RRI is
disabled.
IPsec RRI is supported in both
tunnel mode and transport
mode.
The default value is 60.
The default value is 0.