Applying An Ipsec Policy To An Interface - Huawei AR1200 series Configuration Manual
Enterprise routers
Hide thumbs
Also See for AR1200 series:
- Configuration manual (342 pages) ,
- User configuration manual (232 pages) ,
- Hardware description (218 pages)
Table of Contents
Advertisement
Huawei AR1200 Series Enterprise Routers
Configuration Guide - VPN
Step 8 Run:
sa spi outbound { ah | esp } spi-number
The SPI of the outbound SA is configured.
l When configuring an SA, set both inbound and outbound parameters.
l The SA parameters on two ends of a tunnel must match each other. The inbound SPI of the local end must
Step 9 Run:
sa authentication-hex { inbound | outbound } { ah | esp } hex-key
The authentication key (a hexadecimal number) of the security protocol is configured.
Step 10 Run:
sa string-key { inbound | outbound } { ah | esp } string-key
The authentication key (a character string) of the security protocol is configured.
Use the same key format on the two ends. For example, if the key on one end is a character string
but the key on the other end is a hexadecimal number, the IPSec tunnel cannot be established.
If you configure the keys in different formats, the last configured key takes effect.
Step 11 Run:
sa encryption-hex { inbound | outbound } esp hex-key
The encryption key (a hexadecimal number) is configured for ESP.
Step 12 (Optional) Run:
sa binding vpn-instance vpn-instance-name
A VPN instance is associated with the SA.
----End
5.3.5 Applying an IPSec Policy to an Interface
A manually configured IPSec policy can be applied to only one interface.
Issue 01 (2012-04-20)
NOTE
The security protocol must be the same as the security protocol specified in the transform command in
5.3.3 Configuring an IPSec
ah and esp protocols must be configured in the sa spi command.
NOTE
be the same as the outbound SPI of the remote end, and the outbound SPI of the local end must be the same
as the inbound SPI of the remote end.
CAUTION
NOTE
l If the AH protocol is specified, run either the sa authentication-hex or sa string-key command.
l If the ESP protocol is specified, run one of the sa authentication-hex, sa string-key, and sa
encryption-hex commands.
l To manually create an IPSec tunnel, use the sa spi command together with the sa authentication-
hex, sa string-key, or sa encryption-hex command.
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Proposal. If the security protocol specified in transform is ah-esp, both the
5 IPSec Configuration
290
Hide quick links:
Advertisement
Table of Contents
