Configuring Ipsec For Ipv6 Routing Protocols - HP 12500 Series Configuration Manual

destination have different preference values, the route with the highest preference forwards traffic
and all other routes are backup routes.
Change their tag value so the gateway can control the use of the static routes based on routing
•
policies.
To configure IPsec RRI:
Step
1. Enter system view.
2. Enter IPsec policy view.
3. Enable IPsec RRI.
4. Change the preference of
the static routes created by
IPsec RRI.
5. Set a tag for the static
routes created by IPsec RRI.
IPsec RRI can operate in both tunnel mode and transport mode.
When you change the route attributes, static IPsec RRI deletes all static routes it has created and creates
new static routes. In contrast, dynamic IPsec RRI applies the new attributes only to subsequent static routes.
It does not delete or modify static routes it has created.

Configuring IPsec for IPv6 routing protocols

Complete the following tasks to configure IPsec for IPv6 routing protocols:
Task
Configuring an IPsec proposal
Configuring a manual IPsec policy
Applying an IPsec policy to an IPv6 routing
protocol
IMPORTANT:
Do not apply an IPsec policy used for an IPv6 routing protocol to an interface. If you do so, the interface
will drop all packets, because the IPsec policy references no ACL.
Command
system-view
ipsec policy policy-name seq-number
[ isakmp | manual ]
reverse-route [ remote-peer ip-address
[ gateway | static ] | static ]
reverse-route preference
preference-value
reverse-route tag tag-value
Remarks
Required.
Required.
ACLs and IPsec tunnel addresses are not needed.
Required.
See Layer 3—IP Routing Configuration Guide.
182
Remarks
N/A
The isakmp keyword is available
only for FIPS mode.
Disabled by default.
To enable static IPsec RRI, specify
the static keyword. If the keyword
is not specified, dynamic IPsec RRI
is enabled.
Optional.
60 by default.
This command is available only
for FIPS mode.
Optional.
0 by default.
This command is available only
for FIPS mode.