HP FlexNetwork 10500 Series Security Configuration Manual page 325

# Create and configure the IPsec profile named profile001.
[SwitchC] ipsec profile profile001 manual
[SwitchC-ipsec-profile-profile001] transform-set tran1
[SwitchC-ipsec-profile-profile001] sa spi outbound esp 123456
[SwitchC-ipsec-profile-profile001] sa spi inbound esp 123456
[SwitchC-ipsec-profile-profile001] sa string-key outbound esp simple abcdefg
[SwitchC-ipsec-profile-profile001] sa string-key inbound esp simple abcdefg
[SwitchC-ipsec-profile-profile001] quit
# Apply the IPsec profile to RIPng process 1.
[SwitchC] ripng 1
[SwitchC-ripng-1] enable ipsec-profile profile001
[SwitchC-ripng-1] quit
Verifying the configuration
After the configuration is completed, Switch A, Switch B, and Switch C learn IPv6 routing information
through RIPng. IPsec SAs are set up successfully on the switches to protect RIPng packets. This
example uses Switch A to verify the configuration.
# Use the display ripng command to display the RIPng configuration. The output shows that the
IPsec profile profile001 has been applied to RIPng process 1.
[SwitchA] display ripng 1
RIPng process : 1
Preference : 100
Checkzero : Enabled
Default Cost : 0
Maximum number of balanced paths : 8
Update time
Suppress time :
Number of periodic updates sent : 186
Number of trigger updates sent : 1
IPsec profile name: profile001
# Use the display ipsec sa command to display the established IPsec SAs.
[SwitchA] display ipsec sa
-------------------------------
Global IPsec SA
-------------------------------
-----------------------------
IPsec profile: profile001
Mode: manual
-----------------------------
Encapsulation mode: transport
[Inbound ESP SA]
SPI: 123456 (0x3039)
Transform set: ESP-ENCRYPT-AES-CBC-128 ESP-AUTH-SHA1
No duration limit for this SA
[Outbound ESP SA]
SPI: 123456 (0x3039)
Transform set: ESP-ENCRYPT-AES-CBC-128 ESP-AUTH-SHA1
: 30 sec(s) Timeout time
120 sec(s) Garbage-Collect time :
311
: 180 sec(s)
120 sec(s)