SV-80603r1_rule
V-66113
SRG-NET-000168-RTR-000078
HFFS-RT-000012
CAT II
10
Configure the HP FlexFabric Switch to authenticate OSPFv3 packets:
[HP]ipsec transform-set jitcipsecprop
[HP-ipsec-transform-set-jitcipsecprop]
[HP-ipsec-transform-set-jitcipsecprop] ipsec transform-set jitcipsecprop
[HP-ipsec-transform-set-jitcipsecprop] encapsulation-mode transport
[HP-ipsec-transform-set-jitcipsecprop] esp encryption-algorithm aes-cbc-256
[HP-ipsec-transform-set-jitcipsecprop] esp authentication-algorithm sha1
[HP-ipsec-transform-set-jitcipsecprop] quit
[HP] ipsec profile jitc manual
[HP-ipsec-profile-manual-jitc]
[HP-ipsec-profile-manual-jitc] ipsec profile jitc manual
[HP-ipsec-profile-manual-jitc] transform-set jitcipsecprop
[HP-ipsec-profile-manual-jitc] sa spi inbound esp 256
[HP-ipsec-profile-manual-jitc] sa string-key inbound esp simple test123
[HP-ipsec-profile-manual-jitc] sa spi outbound esp 256
[HP-ipsec-profile-manual-jitc] sa string-key outbound esp simple test123
[HP-ipsec-profile-manual-jitc] quit
[HP] interface gigabitethernet 0/1
[HP--GigabitEthernet0/1] ospfv3 ipsec-profile jitc
Verify the HP FlexFabric Switch configuration to ensure that it is using a NIST validated FIPS 140-2 cryptography encryption mechanism by implementing OSPFv3 with IPsec.
[HP] display current-configuration interface
interface GigabitEthernet0/0
port link-mode route
description R1 ACTIVE
combo enable copper
ospfv3 200 area 0.0.0.0
ospfv3 ipsec-profile jitc
ipv6 address 2115:B:1::3E/126
If the routing protocol authentication mechanism is not a validated FIPS 140-2 cryptography, this is a finding.
Note: OSPFv3 requires IPsec to enable authentication using either the IPv6 Authentication Header (AH) or the Encapsulating Security Payload (ESP) header.
V-66113
False
HFFS-RT-000012
Verify the HP FlexFabric Switch configuration to ensure that it is using a NIST validated FIPS 140-2 cryptography encryption mechanism by implementing OSPFv3 with IPsec.
[HP] display current-configuration interface
interface GigabitEthernet0/0
port link-mode route
description R1 ACTIVE
combo enable copper
ospfv3 200 area 0.0.0.0
ospfv3 ipsec-profile jitc
ipv6 address 2115:B:1::3E/126
If the routing protocol authentication mechanism is not a validated FIPS 140-2 cryptography, this is a finding.
Note: OSPFv3 requires IPsec to enable authentication using either the IPv6 Authentication Header (AH) or the Encapsulating Security Payload (ESP) header.
M
2979