196
# Execute the display ipsec sa command on Router A to view the information about the
inbound and outbound SAs.
<RouterA> display ipsec sa
===============================
Protocol: RIPng
===============================
-----------------------------
IPsec policy name: "policy001"
sequence number: 10
acl version: none
mode: manual
-----------------------------
PFS: N, DH group: none
tunnel:
flow:
[inbound ESP SAs]
spi: 0x3039(123456)
transform: ESP-ENCRYPT-DES ESP-AUTH-SHA1
in use setting: Transport
connection id: 13
No duration limit for this sa
[outbound ESP SAs]
spi: 0x3039(123456)
transform: ESP-ENCRYPT-DES ESP-AUTH-SHA1
in use setting: Transport
connection id: 14
No duration limit for this sa
Similarly, you can view the information on Router B and Router C. (Details not shown.)
Configuring IPsec RRI
Network requirements
As shown in Figure 63, configure an IPsec tunnel between Router A and Router B to protect the traffic
between the headquarters and the branch. Configure the tunnel to use the security protocol ESP, the
encryption algorithm DES, and the authentication algorithm SHA1-HMAC-96. Use IKE for automatic
SA negotiation.
Configure IPsec RRI on Router A to automatically create a static route to the branch based on the
established IPsec SAs. Specify the next hop of the route as 1.1.1.2.
To Next Page
Loading...
