Huawei AR1200 series Configuration Manual page 334
Enterprise routers
Hide thumbs
Also See for AR1200 series:
- Configuration manual (342 pages) ,
- User configuration manual (232 pages) ,
- Hardware description (218 pages)
Table of Contents
Advertisement
Huawei AR1200 Series Enterprise Routers
Configuration Guide - VPN
Step 7 Apply the IPSec policies to the interfaces of RouterA and RouterB.
# Apply the IPSec policy to the interface of RouterA.
[Huawei] interface ethernet 1/0/0
[Huawei-Ethernet1/0/0] ipsec policy map1
[Huawei-Ethernet1/0/0] quit
# Apply the IPSec policy to the interface of RouterB.
[Huawei] interface ethernet 1/0/0
[Huawei-Ethernet1/0/0] ipsec policy use1
[Huawei-Ethernet1/0/0] quit
Run the display ipsec sa command on RouterA and RouterB to view the configuration of the
IPSec SAs. Take the display on RouterA as an example.
[Huawei] display ipsec sa
===============================
Interface: Ethernet 1/0/0
===============================
-----------------------------
IPsec policy name: "map1"
sequence number: 10
mode: isakmp
-----------------------------
Step 8 Verify the configurations.
After the configurations are complete, PC A can ping PC B successfully. The data transmitted
between PC A and PC B is encrypted.
Run the display ike sa command on RouterA, and the following information is displayed:
[Huawei] display ike sa
---------------------------------------------------------
Flag Description:
RD--READY
HRT--HEARTBEAT
----End
Issue 01 (2012-04-20)
IPsec SA local duration(time based): 3600 seconds
IPsec SA local duration(traffic based): 1843200 kilobytes
SA trigger mode: Automatic
Route inject: None
path MTU: 1500
Connection id: 3
encapsulation mode: tunnel
tunnel local : 202.138.163.1
[inbound ESP SAs]
spi: 1406123142 (0x53cfbc86)
proposal: ESP-ENCRYPT-DES ESP-AUTH-MD5
sa remaining key duration (bytes/sec): 1887436528/3575
max received sequence-number: 4
udp encapsulation used for nat traversal: N
[outbound ESP SAs]
spi: 3835455224 (0xe49c66f8)
proposal: ESP-ENCRYPT-DES ESP-AUTH-MD5
sa remaining key duration (bytes/sec): 1887436464/3575
max sent sequence-number: 5
udp encapsulation used for nat traversal: N
Conn-ID
Peer
14
202.138.162.1
16
202.138.162.1
ST--STAYALIVE
LKG--LAST KNOWN GOOD SEQ NO.
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
tunnel remote: 202.138.162.1
VPN
Flag(s)
0
RD|ST
0
RD|ST
RL--REPLACED
FD--FADING
BCK--BACKED UP
5 IPSec Configuration
Phase
1
2
TO--TIMEOUT
323
Hide quick links:
Advertisement
Table of Contents
