Configuring An Ike Peer - Huawei quidway s7700 Configuration Manual
Smart routing switch
Hide thumbs
Also See for quidway s7700:
- Configuration manual (833 pages) ,
- Configuration manual - ethernet (648 pages) ,
- Configuration manual - multicast (551 pages)
Table of Contents
Advertisement
Quidway S7700 Smart Routing Switch
Configuration Guide - SPU
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
ike proposal proposal-number
An IKE proposal is created and the IKE proposal view is displayed.
The IKE negotiation succeeds only when the two ends use the IKE proposals with the same
settings.
Step 3 Run:
encryption-algorithm { des-cbc |3des-cbc | aes-cbc-128 | aes-cbc-192 | aes-
cbc-256 }
The encryption algorithm is configured.
Step 4 (Optional) Run:
authentication-method pre-share
Pre-shared key authentication is configured.
When pre-shared key authentication is configured, you must set the same pre-shared key on the
IKE peers.
When pre-shared key authentication is configured, an authenticator must be configured.
Step 5 Run:
authentication-algorithm { md5 | sha1 }
The authentication algorithm is configured.
Step 6 (Optional) Run:
dh { group1 | group2 }
The Diffie-Hellman group is specified.
Step 7 (Optional) Run:
prf { hmac-md5 | hmac-sha1 }
The algorithm used to generate the pseudo random number is specified.
Step 8 Run:
sa duration interval
The SA lifetime is set.
If the lifetime expires, the IKE SA is automatically updated.
You can set the lifetime only for the SAs established through IKE negotiation. The lifetime of
manually created SAs is not limited. That is, the manually created SAs are always effective.
----End
4.4.4 Configuring an IKE Peer
Issue 01 (2011-07-15)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
4 IPSec Configuration
121
Advertisement
Table of Contents
