Huawei AR1200 series Configuration Manual page 327
Enterprise routers
Hide thumbs
Also See for AR1200 series:
- Configuration manual (342 pages) ,
- User configuration manual (232 pages) ,
- Hardware description (218 pages)
Table of Contents
Advertisement
Huawei AR1200 Series Enterprise Routers
Configuration Guide - VPN
Procedure
Step 1 Configure IP addresses for the interfaces on RouterA and RouterB.
# Assign an IP address to the interface of RouterA.
<Huawei> system-view
[Huawei] interface ethernet 1/0/0
[Huawei-Ethernet1/0/0] ip address 202.138.163.1 255.255.255.0
[Huawei-Ethernet1/0/0] quit
# Assign an IP address to the interface of RouterB.
<Huawei> system-view
[Huawei] interface ethernet 1/0/0
[Huawei-Ethernet1/0/0] ip address 202.138.162.1 255.255.255.0
[Huawei-Ethernet1/0/0] quit
Step 2 Configure ACLs on RouterA and RouterB to define the data flows to be protected.
# Configure an ACL on RouterA.
[Huawei] acl number 3101
[Huawei-acl-adv-3101] rule permit ip source 10.1.1.0 0.0.0.255 destination 10.1.2.0
0.0.0.255
[Huawei-acl-adv-3101] quit
# Configure an ACL on RouterB.
[Huawei] acl number 3101
[Huawei-acl-adv-3101] rule permit ip source 10.1.2.0 0.0.0.255 destination 10.1.1.0
0.0.0.255
[Huawei-acl-adv-3101] quit
Step 3 Configure static routes to the peers on RouterA and RouterB.
# Configure a static route to the peer on RouterA. In this example, the next hop to PCB is
202.138.163.2.
[Huawei] ip route-static 10.1.2.0 255.255.255.0 202.138.163.2
# Configure a static route to the peer on RouterB. In this example, the next hop to PCA is
202.138.162.2.
[Huawei] ip route-static 10.1.1.0 255.255.255.0 202.138.162.2
Step 4 Create an IPSec proposal on RouterA and RouterB.
# Create the IPSec proposal on RouterA.
[Huawei] ipsec proposal tran1
[Huawei-ipsec-proposal-tran1] esp authentication-algorithm sha1
[Huawei-ipsec-proposal-tran1] quit
# Create the IPSec proposal on RouterB.
[Huawei] ipsec proposal tran1
[Huawei-ipsec-proposal-tran1] esp authentication-algorithm sha1
[Huawei-ipsec-proposal-tran1] quit
Run the display ipsec proposal command on RouterA and RouterB to view the configuration
of the IPSec proposal. Take the display on RouterA as an example.
[Huawei] display ipsec proposal
Number of Proposals: 1
IPsec proposal name: tran1
Encapsulation mode: Tunnel
Issue 01 (2012-04-20)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
5 IPSec Configuration
316
Hide quick links:
Advertisement
Table of Contents
