Huawei AR1200 series Configuration Manual page 328
Enterprise routers
Hide thumbs
Also See for AR1200 series:
- Configuration manual (342 pages) ,
- User configuration manual (232 pages) ,
- Hardware description (218 pages)
Table of Contents
Advertisement
Huawei AR1200 Series Enterprise Routers
Configuration Guide - VPN
Transform
ESP protocol
Step 5 Create IPSec policies on RouterA and RouterB.
# Create an IPSec policy on RouterA.
[Huawei] ipsec policy map1 10 manual
[Huawei-ipsec-policy-manual-map1-10] security acl 3101
[Huawei-ipsec-policy-manual-map1-10] proposal tran1
[Huawei-ipsec-policy-manual-map1-10] tunnel remote 202.138.162.1
[Huawei-ipsec-policy-manual-map1-10] tunnel local 202.138.163.1
[Huawei-ipsec-policy-manual-map1-10] sa spi outbound esp 12345
[Huawei-ipsec-policy-manual-map1-10] sa spi inbound esp 54321
[Huawei-ipsec-policy-manual-map1-10] sa string-key outbound esp abcdefg
[Huawei-ipsec-policy-manual-map1-10] sa string-key inbound esp gfedcba
[Huawei-ipsec-policy-manual-map1-10] quit
# Create an IPSec policy on RouterB.
[Huawei] ipsec policy use1 10 manual
[Huawei-ipsec-policyl-manual-use1-10] security acl 3101
[Huawei-ipsec-policyl-manual-use1-10] proposal tran1
[Huawei-ipsec-policyl-manual-use1-10] tunnel remote 202.138.163.1
[Huawei-ipsec-policyl-manual-use1-10] tunnel local 202.138.162.1
[Huawei-ipsec-policyl-manual-use1-10] sa spi outbound esp 54321
[Huawei-ipsec-policyl-manual-use1-10] sa spi inbound esp 12345
[Huawei-ipsec-policyl-manual-use1-10] sa string-key outbound esp gfedcba
[Huawei-ipsec-policyl-manual-use1-10] sa string-key inbound esp abcdefg
[Huawei-ipsec-policyl-manual-use1-10] quit
Run the display ipsec policy command on RouterA and RouterB to view the configurations of
the IPSec policies. Take the display on RouterA as an example.
[Huawei] display ipsec policy
===========================================
IPsec Policy Group: "map1"
Using interface: {}
===========================================
Step 6 Apply the IPSec policies to the interfaces of RouterA and RouterB.
# Apply the IPSec policy to the interface of RouterA.
Issue 01 (2012-04-20)
: esp-new
: Authentication SHA1-HMAC-96
Encryption
Sequence number: 10
Security data flow: 3101
Tunnel local
address: 202.138.163.1
Tunnel remote address: 202.138.162.1
Proposal name:tran1
Inbound AH setting:
AH SPI:
AH string-key:
AH authentication hex key:
Inbound ESP setting:
ESP SPI: 54321 (0xd431)
ESP string-key: gfedcba
ESP encryption hex key:
ESP authentication hex key:
Outbound AH setting:
AH SPI:
AH string-key:
AH authentication hex key:
Outbound ESP setting:
ESP SPI: 12345 (0x3039)
ESP string-key: abcdefg
ESP encryption hex key:
ESP authentication hex key:
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
DES
5 IPSec Configuration
317
Hide quick links:
Advertisement
Table of Contents
