Configuring An Ike-Based Ipsec Tunnel For Ipv6 Packets - HP MSR Series Configuration Manual
Hpe flexnetwork msr router series
Hide thumbs
Also See for MSR Series:
- Configuration manual (889 pages) ,
- Command reference manual (684 pages) ,
- Wan access configuration manual (293 pages)
Table of Contents
Advertisement
remote address: 2.2.2.1
Flow:
sour addr: 2.2.3.1/0.0.0.0
dest addr: 2.2.2.1/0.0.0.0
[Inbound ESP SAs]
SPI: 3769702703 (0xe0b1192f)
Connection ID: 1
Transform set: ESP-ENCRYPT-AES-CBC-128 ESP-AUTH-SHA1
SA duration (kilobytes/sec): 3000/28800
SA remaining duration (kilobytes/sec): 2300/797
Max received sequence-number: 1
Anti-replay check enable: N
Anti-replay window size:
UDP encapsulation used for NAT traversal: N
Status: Active
[Outbound ESP SAs]
SPI: 3840956402 (0xe4f057f2)
Connection ID: 2
Transform set: ESP-ENCRYPT-AES-CBC-128 ESP-AUTH-SHA1
SA duration (kilobytes/sec): 3000/28800
SA remaining duration (kilobytes/sec): 2312/797
Max sent sequence-number: 1
UDP encapsulation used for NAT traversal: N
Status: Active
Configuring an IKE-based IPsec tunnel for IPv6 packets
Network requirements
As shown in
flows between subnet 333::/64 and subnet 555::/64. Configure the IPsec tunnel as follows:
•
Specify the encapsulation mode as tunnel, the security protocol as ESP, the encryption
algorithm as 128-bit AES, and the authentication algorithm as HMAC-SHA1.
•
Set up SAs through IKE negotiation.
Figure 104 Network diagram
Router A
GE2/0/2
111::1/64
GE2/0/1
333::1/64
Host A
333::3/64
Figure
104, establish an IPsec tunnel between Router A and Router B to protect data
Internet
port: 0
protocol: ip
port: 0
protocol: ip
Router B
GE2/0/2
222::1/64
GE2/0/1
555::1/64
Host B
555::5/64
320
- Quick Links:
- Configuring Local Users
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
