Huawei AR1200 Series Enterprise Routers
Configuration Guide - VPN
authentication-method { pre-share | rsa-signature }
The authentication method used by an IKE proposal is configured.
By default, an IKE proposal uses pre-shared key authentication.
Step 5 (Optional) Run:
authentication-algorithm { md5 | sha1 | aes_xcbc_mac_96 }
The authentication algorithm is configured.
By default, an IKE proposal uses the SHA-1 algorithm.
Step 6 (Optional) Run:
dh { group1 | group2 | group5 | group14 }
The Diffie-Hellman group is specified.
Step 7 (Optional) Run:
prf { hmac-md5 | hmac-sha1 | aes_xcbc_128 }
The algorithm used to generate the pseudo-random number is specified.
Step 8 (Optional) Run:
sa duration interval
The SA lifetime is set.
If the lifetime expires, the IKE SA is automatically updated.
You can set the lifetime only for SAs established through IKE negotiation. The lifetime of manually created SAs is not limited; that is, manually created SAs are always effective.
----End
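The following audit script is an added example, not part of the Huawei guide. It parses IKE proposal blocks and flags the weaker options among the keywords listed in the steps above. The "ike proposal <number>" line, the sample configuration, and the weak/acceptable ratings (taken from RFC 8247 guidance) are assumptions of this example.

```python
import re

# Ratings are this example's assumption (RFC 8247 guidance): MD5 and DH
# groups 1, 2 and 5 are flagged; SHA-1 and group14 are not flagged here.
WEAK = {
    "authentication-algorithm": {"md5": "MD5 integrity is deprecated"},
    "prf": {"hmac-md5": "HMAC-MD5 PRF is deprecated"},
    "dh": {"group1": "768-bit MODP group", "group2": "1024-bit MODP group",
           "group5": "1536-bit MODP group"},
}
# Defaults stated on the page; commands without a stated default are omitted.
DEFAULTS = {"authentication-method": "pre-share", "authentication-algorithm": "sha1"}

# Constructed sample; "ike proposal <number>" is assumed to open the proposal view.
SAMPLE = """\
ike proposal 10
 authentication-algorithm md5
 dh group2
 prf hmac-sha1
ike proposal 20
 authentication-method rsa-signature
 dh group14
"""

def parse_proposals(text):
    """Return {proposal-number: {command: value}} with the page defaults applied."""
    proposals, current = {}, None
    for line in text.splitlines():
        m = re.match(r"ike proposal (\d+)\s*$", line)
        if m:
            current = proposals.setdefault(int(m.group(1)), dict(DEFAULTS))
        elif current is not None and line.startswith(" ") and len(line.split()) >= 2:
            parts = line.split()
            # The last token is the value, so "sa duration 86400" also parses.
            current[" ".join(parts[:-1])] = parts[-1]
    return proposals

def audit(text):
    """Return sorted (proposal, command, value, reason) tuples for weak settings."""
    findings = []
    for number, settings in parse_proposals(text).items():
        for command, value in settings.items():
            reason = WEAK.get(command, {}).get(value)
            if reason:
                findings.append((number, command, value, reason))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("proposal %d: %s %s -> %s" % finding)
```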
5.4.4 Configuring an IKE Peer
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
ike peer peer-name [ v1 | v2 ]
An IKE peer is created and the IKE peer view is displayed.
Step 3 (Optional) Run:
exchange-mode { main | aggressive }
The IKE negotiation mode is configured.
In aggressive mode, the local ID type must be set to ip or name in step 5. In main mode, the local ID type must be set to ip.
If the IKE peer uses IKEv2, skip this step.
Step 4 (Optional) Run:
Issue 01 (2012-04-20)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
5 IPSec Configuration