238
Ste
Command
Remarks
1. Enter system view.
system-view N/A
2. Enter interface view.
interface interface-type
interface-number
N/A
3. Configure the DF bit of
IPsec packets on the
interface.
ipsec df-bit { clear | copy | set }
By default, the interface uses the
global DF bit setting.
To configure the DF bit of IPsec packets globally:
Ste
Command
Remarks
1. Enter system view.
system-view N/A
2. Configure the DF bit of
IPsec packets globally.
ipsec global-df-bit { clear | copy | set }
By default, IPsec copies the DF bit
in the original IP header to the
new IP header.
Configuring IPsec for IPv6 routing protocols
Configuration task list
Complete the following tasks to configure IPsec for IPv6 routing protocols:
Tasks at a
lance
(Required.) Configuring an IPsec transform set
(Required.) Configuring a manual IPsec profile
(Required.) Applying the IPsec profile to an IPv6 routing protocol (see Layer 3—IP Routing Configuration Guide)
(Optional.) Enabling logging of IPsec packets
(Optional.) Configuring SNMP notifications for IPsec
Configuring a manual IPsec profile
An IPsec profile is similar to an IPsec policy. The difference is that an IPsec profile is uniquely identified
by a name and it does not support ACL configuration. An IPsec profile defines the IPsec transform set
used for protecting data flows, and specifies SPIs and the keys used by the SAs.
The IPsec profile configurations at the two tunnel ends must meet the following requirements:
• The IPsec transform set referenced by the IPsec profile at the two tunnel ends must have the same
security protocol, encryption and authentication algorithms, and packet encapsulation mode.
• The local inbound and outbound IPsec SAs must have the same SPI and key.
• The IPsec SAs on the devices in the same scope must have the same key. The scope is defined by
protocols. For OSPF, the scope consists of OSPF neighbors or an OSPF area. For RIPng, the scope
To Next Page
Loading...
