359
# Set the security protocol to ESP, the encryption algorithm to DES, and authentication
algorithm to SHA1.
[SwitchB-ipsec-transform-set-tran2] esp encryption-algorithm des
[SwitchB-ipsec-transform-set-tran2] esp authentication-algorithm sha1
[SwitchB-ipsec-transform-set-tran2] quit
# Create IPsec profile named policy002, and specify the manual mode for it.
[SwitchB] ipsec profile policy002 manual
# Use IPsec transform set tran2.
[SwitchB-ipsec-profile-policy002-manual] transform-set tran2
# Set the SPIs of the inbound and outbound SAs to 54321.
[SwitchB-ipsec-profile-policy002-manual] sa spi outbound esp 54321
[SwitchB-ipsec-profile-policy002-manual] sa spi inbound esp 54321
# Set the keys for the inbound and outbound SAs using ESP to gfedcba.
[SwitchB-ipsec-profile-policy002-manual] sa string-key outbound esp simple gfedcba
[SwitchB-ipsec-profile-policy002-manual] sa string-key inbound esp simple gfedcba
[SwitchB-ipsec-profile-policy002-manual] quit
# On Switch C, create an IPsec transform set named tran2.
[SwitchC] ipsec transform-set tran2
# Set the encapsulation mode to transport mode.
[SwitchC-ipsec-transform-set-tran2] encapsulation-mode transport
# Set the security protocol to ESP, the encryption algorithm to DES, and authentication
algorithm to SHA1.
[SwitchC-ipsec-transform-set-tran2] esp encryption-algorithm des
[SwitchC-ipsec-transform-set-tran2] esp authentication-algorithm sha1
[SwitchC-ipsec-transform-set-tran2] quit
# Create IPsec profile named policy002, and specify the manual mode for it.
[SwitchC] ipsec profile policy002 manual
# Use IPsec transform set tran2.
[SwitchC-ipsec-profile-policy002-manual] transform-set tran2
# Set the SPIs of the inbound and outbound SAs to 54321.
[SwitchC-ipsec-profile-policy002-manual] sa spi outbound esp 54321
[SwitchC-ipsec-profile-policy002-manual] sa spi inbound esp 54321
# Set the keys for the inbound and outbound SAs using ESP to gfedcba.
[SwitchC-ipsec-profile-policy002-manual] sa string-key outbound esp simple gfedcba
[SwitchC-ipsec-profile-policy002-manual] sa string-key inbound esp simple gfedcba
[SwitchC-ipsec-profile-policy002-manual] quit
5. Configure IPsec to protect IPv6 BGP packets between Switch A and Switch B:
# Configure Switch A.
[SwitchA] bgp 65008
[SwitchA-bgp-default] peer 1::2 ipsec-profile policy001
[SwitchA-bgp-default] quit
# Configure Switch B.
[SwitchB] bgp 65008
[SwitchB-bgp-default] peer 1::1 ipsec-profile policy001
[SwitchB-bgp-default] quit
6. Configure IPsec to protect IPv6 BGP packets between Router B and Switch C:
# Configure Switch C.