Configuring An Ipsec Profile - Huawei AR1200 series Configuration Manual

Huawei AR1200 Series Enterprise Routers
Configuration Guide - VPN
Applicable Environment
An IPSec profile simplifies IPSec policy management. After an IPSec profile is applied to an
IPSec tunnel interface, only one IPSec tunnel is generated and this tunnel protects all the data
flows passing through the IPSec tunnel interface.
Pre-configuration Tasks
Before establishing an IPSec tunnel using an IPSec tunnel interface, complete the following
tasks:
l
l
Data Preparation
To establish an IPSec tunnel using an IPSec tunnel interface, you need the following data.
No.
1
2
3
4
5

5.5.2 Configuring an IPSec Profile

An IPSec profile simplifies IPSec policy management.
Context
An IPSec profile defines the IKE peer, IPSec proposal, SA lifetime, and Perfect Forward Secrecy
(PFS). To ensure successful IKE negotiation, parameters in the IPSec profile on the local end
and remote end must match.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
Issue 01 (2012-04-20)
Setting link layer protocol parameters and IP addresses for interfaces to ensure that the link
layer protocol on the interfaces is Up
Configuring routes between the source and the destination
Data
IPSec proposal name, security protocol, authentication algorithm of AH,
authentication algorithm and encryption algorithm of ESP, packet encapsulation
mode, and PFS feature
IKE peer name, negotiation mode, IKE proposal name, IKE peer ID type, pre-
shared key
SA lifetime and global SA lifetime
Number, IP address, and source and destination IP addresses of the IPSec tunnel
interface
Number of the IPSec tunnel interface to which an IPSec profile is applied
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
5 IPSec Configuration
303