Ipsec Configuration - Huawei quidway s7700 Configuration Manual

Quidway S7700 Smart Routing Switch
Configuration Guide - SPU
About This Chapter
This chapter describes how to ensure confidentiality and integrity of data and prevent replay of
data packets on a network through data encryption and data source authentication at the IP layer.
Internet Key Exchange (IKE) provides the mechanism of negotiating keys and establishing
security associations (SAs) to simplify the usage and management of IPSec.
4.1 IPSec Overview
The IP Security (IPSec) protocol family is a series of protocols defined by the Internet
Engineering Task Force (IETF). This protocol family provides high quality, interoperable, and
cryptology-based security for IP packets. Communicating parties can encrypt data and
authenticate the data source at the IP layer to ensure confidentiality and integrity of data and
prevent replay of data packets on a network.
4.2 IPSec Features Supported by the SPU
The SPU supports IPSec tunnel established in manual mode or IKE negotiation mode.
4.3 Establishing an IPSec Tunnel Manually
You can establish IPSec tunnels manually when the network topology is simple.
4.4 Establishing an IPSec Tunnel Through IKE Negotiation
IKE provides an automatic protection mechanism to distribute keys, authenticate the identity,
and set up SAs on an insecure network.
4.5 Maintaining IPSec
This section describes how to display the IPSec configuration and clear the IPSec statistics.
4.6 Configuration Examples
This section provides several configuration examples of IPSec.
Issue 01 (2011-07-15)
4
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.

IPSec Configuration

4 IPSec Configuration
111