Huawei AR1200 series Configuration Manual page 337
Enterprise routers
Hide thumbs
Also See for AR1200 series:
- Configuration manual (342 pages) ,
- User configuration manual (232 pages) ,
- Hardware description (218 pages)
Table of Contents
Advertisement
Huawei AR1200 Series Enterprise Routers
Configuration Guide - VPN
# Assign an IP address to the interface of RouterA.
<Huawei> system-view
[Huawei] interface ethernet 1/0/0
[Huawei-Ethernet1/0/0] ip address 202.138.163.1 255.255.255.0
[Huawei-Ethernet1/0/0] quit
# Assign an IP address to the interface of RouterB.
<Huawei> system-view
[Huawei] interface ethernet 1/0/0
[Huawei-Ethernet1/0/0] ip address 202.138.162.1 255.255.255.0
[Huawei-Ethernet1/0/0] quit
Step 2 Create an IKE proposal on RouterA and RouterB.
# Create the IKE proposal on RouterA.
[Huawei] ike proposal 1
[Huawei-ike-proposal-1] encryption-algorithm aes-cbc-128
[Huawei-ike-proposal-1] authentication-algorithm md5
[Huawei-ike-proposal-1] quit
# Create the IKE proposal on RouterB.
[Huawei] ike proposal 1
[Huawei-ike-proposal-1] encryption-algorithm aes-cbc-128
[Huawei-ike-proposal-1] authentication-algorithm md5
[Huawei-ike-proposal-1] quit
Step 3 Configure local IDs and IKE peers on RouterA and RouterB.
# Configure the local ID and IKE peer on RouterA.
[Huawei] ike local-name huawei01
[Huawei] ike peer spub v1
[Huawei-ike-peer-spub] exchange-mode aggressive
[Huawei-ike-peer-spub] ike-proposal 1
[Huawei-ike-peer-spub] local-id-type name
[Huawei-ike-peer-spub] pre-shared-key huawei
[Huawei-ike-peer-spub] remote-name huawei02
[Huawei-ike-peer-spub] remote-address 202.138.162.1
[Huawei-ike-peer-spub] local-address 202.138.163.1
[Huawei-ike-peer-spub] quit
# Configure the local ID and IKE peer on RouterB.
[Huawei] ike local-name huawei02
[Huawei] ike peer spua v1
[Huawei-ike-peer-spua] exchange-mode aggressive
[Huawei-ike-peer-spua] ike-proposal 1
[Huawei-ike-peer-spua] local-id-type name
[Huawei-ike-peer-spua] pre-shared-key huawei
[Huawei-ike-peer-spua] remote-name huawei01
[Huawei-ike-peer-spua] remote-address 202.138.163.1
[Huawei-ike-peer-spua] local-address 202.138.162.1
[Huawei-ike-peer-spua] quit
Run the display ike peer command on RouterA and RouterB to view the configuration of the
IKE peer. Take the display on RouterA as an example.
[Huawei] display ike peer name spub verbose
----------------------------------------
Issue 01 (2012-04-20)
NOTE
In aggressive mode, if the value of local-id-type is name, configure the IP address of the remote peer
(remote-address x.x.x.x) on the local end.
Peer name
Exchange mode
Pre-shared-key
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
: spub
: aggressive on phase 1
: huawei
5 IPSec Configuration
326
Hide quick links:
Advertisement
Table of Contents
