Configuring Ipsec For Ripng - HP MSR Series Configuration Manual

Hpe flexnetwork msr router series
Hide thumbs Also See for MSR Series:
Table of Contents

Advertisement

Configuring IPsec for RIPng

Network requirements
As shown in
Establish an IPsec tunnel between the routers to protect the RIPng packets transmitted in between.
Specify the security protocol as ESP, the encryption algorithm as 128-bit AES, and the authentication
algorithm as HMAC-SHA1 for the IPsec tunnel.
Figure 105 Network diagram
Requirements analysis
To meet the network requirements, perform the following tasks:
1.
Configure basic RIPng.
For more information about RIPng configuration, see Layer 3—IP Routing Configuration Guide.
2.
Configure an IPsec profile.
The IPsec profiles on all the routers must have IPsec transform sets that use the same
security protocol, authentication and encryption algorithms, and encapsulation mode.
The SPI and key configured for the inbound SA and those for the outbound SA must be the
same on each router.
The SPI and key configured for the SAs on all the routers must be the same.
3.
Apply the IPsec profile to a RIPng process or to an interface.
Configuration procedure
1.
Configure Router A:
# Configure IPv6 addresses for interfaces. (Details not shown.)
# Configure basic RIPng.
<RouterA> system-view
[RouterA] ripng 1
[RouterA-ripng-1] quit
[RouterA] interface gigabitethernet 2/0/1
[RouterA-GigabitEthernet2/0/1] ripng 1 enable
[RouterA-GigabitEthernet2/0/1] quit
# Create and configure the IPsec transform set named tran1.
[RouterA] ipsec transform-set tran1
[RouterA-ipsec-transform-set-tran1] encapsulation-mode transport
[RouterA-ipsec-transform-set-tran1] protocol esp
[RouterA-ipsec-transform-set-tran1] esp encryption-algorithm aes-cbc-128
[RouterA-ipsec-transform-set-tran1] esp authentication-algorithm sha1
[RouterA-ipsec-transform-set-tran1] quit
# Create and configure the IPsec profile named profile001.
[RouterA] ipsec profile profile001 manual
[RouterA-ipsec-profile-profile001] transform-set tran1
[RouterA-ipsec-profile-profile001] sa spi outbound esp 123456
[RouterA-ipsec-profile-profile001] sa spi inbound esp 123456
Figure
105, Router A, Router B, and Router C learn IPv6 routes through RIPng.
324

Hide quick links:

Advertisement

Table of Contents
loading

Table of Contents