Implementing ACL-Based IPsec; Configuring an ACL - HP 12500 Series Configuration Manual

(see "Implementing ACL-based IPsec"). By using ACLs, you can customize IPsec policies as needed, implementing IPsec flexibly.

Application-based IPsec protects the packets of a service. This IPsec implementation method can be used to protect IPv6 routing protocols. It does not require any ACL, nor does it depend on the routing mechanism. To configure service-based IPsec, configure manual IPsec policies and bind the policies to an IPv6 routing protocol. See "Configuring IPsec for IPv6 routing protocols."

ACL-based IPsec is available for both IPv4 and IPv6 packets, and the configuration procedures are the same for IPv4 and IPv6.

Implementing ACL-based IPsec

This feature is available only for FIPS mode.

The following is the generic configuration procedure for implementing ACL-based IPsec:
1. Configure an ACL for identifying data flows to be protected.
2. Configure IPsec proposals to specify the security protocols, authentication and encryption algorithms, and encapsulation mode.
3. Configure an IPsec policy group to associate data flows with the IPsec proposals and specify the SA negotiation mode, the peer IP addresses (the start and end points of the IPsec path), the required keys, and the SA lifetime.
4. Apply the IPsec policies to interfaces to finish IPsec configuration.

Complete the following tasks to configure ACL-based IPsec:

Task                                                      Remarks
Configuring an ACL                                        Required. Basic IPsec configuration.
Configuring an IPsec proposal                             Required. Basic IPsec configuration.
Configuring an IPsec policy                               Required. Basic IPsec configuration.
Applying an IPsec policy group to an interface            Required. Basic IPsec configuration.
Configuring the IPsec session idle timeout                Optional.
Enabling ACL checking of de-encapsulated IPsec packets    Optional.
Configuring the IPsec anti-replay function                Optional.
Configuring packet information pre-extraction             Optional.
Enabling invalid SPI recovery                             Optional.
Configuring IPsec RRI                                     Optional.

Typically, IKE uses UDP port 500 for communication, and AH and ESP use the protocol numbers 51 and 50 respectively. Make sure that flows of these protocols are not denied on the interfaces with IKE or IPsec configured.

Configuring an ACL

ACLs can be used to identify traffic. They are widely used in scenarios where traffic identification is desired, such as QoS and IPsec.
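The note on this page that IKE (UDP port 500), AH (protocol 51) and ESP (protocol 50) must not be denied on IPsec interfaces can be checked mechanically. The following is an added example, not taken from the HP manual: it evaluates an ordered packet filter by first match and reports which of the three flows would be denied. The rule format, the default action and the sample rules are constructed for illustration and are not Comware syntax.

```python
# Added example: audit an interface packet filter for rules that would block
# IKE/IPsec. Rule format and sample data are constructed, not Comware syntax.
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    action: str                  # "permit" or "deny"
    proto: Optional[int] = None  # IP protocol number; None matches any protocol
    dport: Optional[int] = None  # destination port (UDP/TCP); None matches any

# Flows named in the manual: IKE = UDP (17) port 500, ESP = 50, AH = 51.
REQUIRED = {"IKE": (17, 500), "ESP": (50, None), "AH": (51, None)}

def matches(rule: Rule, proto: int, dport: Optional[int]) -> bool:
    if rule.proto is not None and rule.proto != proto:
        return False
    # A port condition can only match a packet that carries that port.
    if rule.dport is not None and rule.dport != dport:
        return False
    return True

def verdict(rules, proto, dport, default="permit"):
    """First matching rule wins; otherwise the assumed default action applies."""
    for index, rule in enumerate(rules):
        if matches(rule, proto, dport):
            return rule.action, index
    return default, None

def blocked_ipsec_flows(rules, default="permit"):
    """Return {flow name: index of the denying rule, or None for a default deny}."""
    blocked = {}
    for name, (proto, dport) in REQUIRED.items():
        action, index = verdict(rules, proto, dport, default)
        if action == "deny":
            blocked[name] = index
    return blocked

# Constructed sample: permits ESP and IKE, then denies all other traffic.
SAMPLE = [
    Rule("permit", proto=50),
    Rule("permit", proto=17, dport=500),
    Rule("deny"),
]

if __name__ == "__main__":
    for name, index in blocked_ipsec_flows(SAMPLE).items():
        print(f"{name} is denied by rule {index}")
```

In the sample, the catch-all deny blocks AH because only ESP and IKE are permitted ahead of it; rule order matters because evaluation stops at the first match.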
