Configuring An Ipsec Policy - Huawei AR1200 series Configuration Manual

Huawei AR1200 Series Enterprise Routers
Configuration Guide - VPN
By default, the ESP protocol defined in RFC 2406 is used.
Step 4 (Optional) Run:
ah authentication-algorithm { md5 | sha1 | sha2-256 | sha2-384 | sha2-512 }
The authentication algorithm used by AH is configured.
By default, AH uses the MD5 authentication algorithm.
Step 5 (Optional) Run:
esp authentication-algorithm [ md5 | sha1 | sha2-256 | sha2-384 | sha2-512 ]
The authentication algorithm used by ESP is configured.
By default, ESP uses the MD5 authentication algorithm.
Step 6 (Optional) Run:
esp encryption-algorithm { 3des | des | aes-128 | aes-192 | aes-256 }
The encryption algorithm used by ESP is configured.
By default, ESP uses the DES encryption algorithm.
Step 7 (Optional) Run:
encapsulation-mode { transport | tunnel }
The packet encapsulation mode is configured.
By default, the security protocol uses the tunnel mode to encapsulate IP packets.
----End

5.4.6 Configuring an IPSec Policy

After configuring an IKE peer, apply it to an IPSec policy. Then the two ends can start IKE
negotiation.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
ipsec policy policy-name seq-number isakmp [ template template-name ]
An IPSec policy is created.
Step 3 Run:
proposal proposal-name
An IPSec proposal is applied to the IPSec policy.
An IPSec policy that uses IKE negotiation can reference a maximum of six IPSec proposals.
During IKE negotiation, the two ends of the IPSec tunnel use the IPSec proposals with the same
parameter settings first.
Step 4 Run:
security acl acl-number
Issue 01 (2012-04-20) Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
5 IPSec Configuration
297