EasyManuals Logo
Home>HP>Switch>3600 v2 Series

HP 3600 v2 Series Security Configuration Guide

HP 3600 v2 Series
398 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #275 background imageLoading...
Page #275 background image
264
IPsec for IPv6 routing protocols
You can use IPsec to protect routing information and defend against attacks for these IPv6 routing
protocols: The 3600 v2 EI switches support using IPsec for OSPFv3, IPv6 BGP, and RIPng; the 3600 v2
SI switches only support using IPsec for RIPng.
IPsec enables these IPv6 routing protocols to encapsulate outbound protocol packets and de-encapsulate
inbound protocol packets with the AH or ESP protocol. If an inbound protocol packet is not IPsec
protected, or fails to be de-encapsulated, for example, due to decryption or authentication failure, the
routing protocol discards that packet.
You must manually configure SA parameters in an IPsec policy for IPv6 routing protocols. The IKE key
exchange mechanism is applicable only to one-to-one communications. IPsec cannot implement
automatic key exchange for one-to-many communications on a broadcast network, where routers must
use the same SA parameters (SPI and key) to process packets for a routing protocol.
Protocols and standards
Protocols and standards relevant to IPsec are as follows:
• RFC 2401, Security Architecture for the Internet Protocol
• RFC 2402, IP Authentication Header
• RFC 2406, IP Encapsulating Security Payload
• RFC 4552, Authentication/Confidentiality for OSPFv3
Configuring IPsec for IPv6 routing protocols
The following is the generic configuration procedure for configuring IPsec for IPv6 routing protocols:
1. Configure an IPsec proposal to specify the security protocols, authentication and encryption
algorithms, and encapsulation mode.
2. Configure a manual IPsec policy to specify the keys and SPI.
3. Apply the IPsec policy to an IPv6 routing protocol.
Complete the following tasks to configure IPsec for IPv6 routing protocols:
Task Remarks
Configuring an IPsec proposal Required
Configuring an IPsec policy Required
Applying an IPsec policy to an IPv6 routing
protocol
Required
See Layer 3—IP Routing Configuration Guide.
Configuring an IPsec proposal
An IPsec proposal, part of an IPsec policy or an IPsec profile, defines the security parameters for IPsec SA
negotiation, including the security protocol, the encryption and authentication algorithms, and the
encapsulation mode.
Follow these steps to configure an IPsec proposal:

Table of Contents

Other manuals for HP 3600 v2 Series

Preview: Command Reference
Command Reference479 pages
Preview: Installation Guide
Installation Guide62 pages
Preview: Compliance And Safety Manual
Compliance And Safety Manual51 pages
Preview: Configuration Guide
Configuration Guide449 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the HP 3600 v2 Series and is the answer not in the manual?

HP 3600 v2 Series Specifications

General IconGeneral
BrandHP
Model3600 v2 Series
CategorySwitch
LanguageEnglish

Related product manuals