Huawei AR1200 series Configuration Manual page 316

Huawei AR1200 Series Enterprise Routers
Configuration Guide - VPN
Context
An IPSec tunnel interface encapsulates the IPSec header into packets. To make a configured
IPSec profile take effect, configure an IPSec tunnel interface and apply the IPSec profile to the
IPSec tunnel interface.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface tunnel interface-number
The tunnel interface view is displayed.
Step 3 Run:
ip address
An IPv4 address is configured for the tunnel interface.
Step 4 Run:
tunnel-protocol { gre [
The encapsulation mode is set for the tunnel interface.
Step 5 Run:
source { [ vpn-instance vpn-instance-name ] source-ip-address | interface-type
interface-number
The source address is configured for the tunnel interface.
Step 6 (Optional) Run:
destination dest-ip-address
The destination address is configured for the tunnel interface.
If the encapsulation mode of a tunnel interface is set to IPSec, you only need to configure the
destination address for one IKE peer. If the encapsulation mode of a tunnel interface is set to
GRE, you need to configure destination addresses for both IKE peers.
Step 7 Run:
ipsec profile profile-name
An IPSec profile is applied to the tunnel interface.
By default, no IPSec profile is applied to an interface.
----End
Issue 01 (2012-04-20)
NOTE
A tunnel interface can be bound to an IPSec profile only when the encapsulation mode of the tunnel interface
is set to IPSec, GRE, or Multipoint GRE (MGRE).
}
NOTE
It is recommended that you specify the interface type and number for source. If you specify an IP address
that is dynamically assigned to an interface, the IPSec configuration may fail to be restored because of
invalid source address.
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
p2mp ] | ipsec | ipv4-ipv6 | none }
5 IPSec Configuration
305