Configuring An Ipsec Policy - Huawei quidway s7700 Configuration Manual

Quidway S7700 Smart Routing Switch
Configuration Guide - SPU
Step 4 (Optional) Run:
ah authentication-algorithm { md5 | sha1 }
The authentication algorithm used by AH is configured.
Step 5 (Optional) Run:
esp authentication-algorithm [ md5 | sha1 ]
The authentication algorithm used by ESP is configured.
By default, both ESP and AH use the MD5 authentication algorithm.
You can configure the authentication and encryption algorithms only after selecting a security
protocol through the transform command. For example, if ESP is selected, you can configure
the authentication and encryption algorithms for ESP rather than AH.
Step 6 (Optional) Run:
esp encryption-algorithm [ 3des | des | aes-128 | aes-192 | aes-256 ]
The encryption algorithm used by ESP is configured.
By default, ESP uses the DES encryption algorithm.
Step 7 (Optional) Run:
encapsulation-mode { transport | tunnel }
The packet encapsulation mode is configured.
By default, the tunnel mode is used.
----End

4.3.4 Configuring an IPSec Policy

After establishing an IPSec tunnel manually, you need to configure an IPSec policy for the
tunnel.
Context
When configuring SA parameters SPI, string authentication key (string-key), hexadecimal
authentication key (authentication-hex), and hexadecimal encryption key (encryption-hex) on
two ends of an IPSec tunnel, ensure that the inbound parameters on the local end are the same
as the outbound parameters on the remote end, and the outbound parameters on the local end
are the same as the inbound parameters on the remote end.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
Issue 01 (2011-07-15)
CAUTION
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
4 IPSec Configuration
116