Defining Data Flows to Be Protected; Configuring an IKE Proposal - Huawei Quidway S7700 Configuration Manual

Quidway S7700 Smart Routing Switch
Configuration Guide - SPU

4.4.2 Defining Data Flows to Be Protected

IPSec can protect different data flows. In actual applications, you need to configure an ACL to
define the data flows to be protected and apply the ACL to a security policy to protect the data
flows.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
acl [ number ] acl-number [ match-order { config | auto }]
An advanced ACL is created and the ACL view is displayed.
Step 3 Run:
rule
An ACL rule is configured.
----End

4.4.3 Configuring an IKE Proposal

You can create multiple IKE proposals with different priority levels. The two ends must have
at least one matching IKE proposal for IKE negotiation.
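
As an added illustration of the matching requirement above (not part of the Huawei manual), this Python pre-deployment check models the IKE proposals of two ends and reports which pair, if any, they would agree on. The field names, the rule that a lower number means higher priority, the initiator-order selection, and the sample proposal values are all assumptions constructed for the example.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Sequence, Tuple

# Attributes both ends must agree on (assumed set; SA lifetime is left out).
MATCH_FIELDS = ("encryption", "authentication", "auth_method", "dh_group")


@dataclass(frozen=True)
class IkeProposal:
    priority: int        # assumption: lower number = higher priority
    encryption: str
    authentication: str
    auth_method: str
    dh_group: str

    def key(self) -> Tuple[str, ...]:
        return tuple(getattr(self, f).lower() for f in MATCH_FIELDS)


def negotiate(initiator: Sequence[IkeProposal], responder: Sequence[IkeProposal]
              ) -> Optional[Tuple[IkeProposal, IkeProposal]]:
    """Return the first initiator offer (by priority) the responder also has, or None."""
    by_key: Dict[Tuple[str, ...], IkeProposal] = {}
    for p in sorted(responder, key=lambda p: p.priority):
        by_key.setdefault(p.key(), p)
    for offer in sorted(initiator, key=lambda p: p.priority):
        hit = by_key.get(offer.key())
        if hit is not None:
            return offer, hit
    return None


def mismatch_report(offer: IkeProposal, responder: Sequence[IkeProposal]
                    ) -> Dict[int, List[str]]:
    """For one offer, list the differing fields against each responder proposal."""
    return {
        r.priority: [f for f, a, b in zip(MATCH_FIELDS, offer.key(), r.key()) if a != b]
        for r in responder
    }


# Constructed sample data: the only common proposal is the weakest one on each side.
SITE_A = [
    IkeProposal(10, "aes-256", "sha2-256", "pre-share", "group14"),
    IkeProposal(20, "3des", "sha1", "pre-share", "group2"),
]
SITE_B = [
    IkeProposal(5, "aes-128", "sha1", "pre-share", "group5"),
    IkeProposal(15, "3DES", "SHA1", "pre-share", "group2"),
]
```

Calling `negotiate(SITE_A, SITE_B)` shows that the two ends do match, but only on the lower-priority proposal of each side, which is worth catching before the tunnel is brought up; `mismatch_report` explains why a preferred offer was not selected.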
Issue 01 (2011-07-15)
No.  Data
3    IKE peer name, negotiation mode, IKE proposal name, IKE peer ID type, pre-shared key, remote address, (optional) VPN instance bound to the IPSec tunnel, and remote host name
4    IPSec proposal name, security protocol, authentication algorithm of AH, authentication algorithm and encryption algorithm of ESP, and packet encapsulation mode
5    Name and sequence number of the IPSec policy, (optional) Perfect Forward Secrecy (PFS) feature used in IKE negotiation
6    (Optional) Name of the IPSec policy template
7    (Optional) Local address of the IPSec policy group, time-based global SA lifetime, traffic-based global SA lifetime, interval for sending keepalive packets, timeout interval of keepalive packets, and interval for sending NAT update packets
8    Type and number of the interface to which the IPSec policy is applied
NOTE
You can use the AH or ESP protocol according to the actual situation.
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
4 IPSec Configuration