-----------------------------
IPsec policy: map1
Sequence number: 10
Mode: isakmp
-----------------------------
Tunnel id: 0
Encapsulation mode: tunnel
Perfect Forward Secrecy:
Path MTU: 1443
Tunnel:
local
remote address: 2.2.2.1
Flow:
sour addr: 2.2.3.1/0.0.0.0
dest addr: 2.2.2.1/0.0.0.0
[Inbound ESP SAs]
SPI: 3769702703 (0xe0b1192f)
Transform set: ESP-ENCRYPT-AES-CBC-128 ESP-AUTH-SHA1
SA duration (kilobytes/sec): 3000/28800
SA remaining duration (kilobytes/sec): 2300/797
Max received sequence-number: 1
Anti-replay check enable: N
Anti-replay window size:
UDP encapsulation used for NAT traversal: N
Status: active
[Outbound ESP SAs]
SPI: 3840956402 (0xe4f057f2)
Transform set: ESP-ENCRYPT-AES-CBC-128 ESP-AUTH-SHA1
SA duration (kilobytes/sec): 3000/28800
SA remaining duration (kilobytes/sec): 2312/797
Max sent sequence-number: 1
UDP encapsulation used for NAT traversal: N
Status: active
Configuring an IKE-based IPsec tunnel for IPv6 packets
Network requirements
As shown in
between subnet 333::/64 and subnet 555::/64. Configure the IPsec tunnel as follows:
Specify the encapsulation mode as tunnel, the security protocol as ESP, the encryption algorithm as
•
128-bit AES, and the authentication algorithm as HMAC-SHA1.
Set up SAs through IKE negotiation.
•
address: 2.2.3.1
Figure
46, establish an IPsec tunnel between Router A and Router B to protect data flows
port: 0
protocol: IP
port: 0
protocol: IP
167