Huawei AR1200 series Configuration Manual page 339
Enterprise routers
Hide thumbs
Also See for AR1200 series:
- Configuration manual (342 pages) ,
- User configuration manual (232 pages) ,
- Hardware description (218 pages)
Table of Contents
Advertisement
Huawei AR1200 Series Enterprise Routers
Configuration Guide - VPN
[Huawei] display ipsec proposal
Number of Proposals: 1
IPsec proposal name: tran1
Encapsulation mode: Tunnel
Transform
ESP protocol
Step 7 Create IPSec policies on RouterA and RouterB.
# Create an IPSec policy on RouterA.
[Huawei] ipsec policy map1 10 isakmp
[Huawei-ipsec-policy-isakmp-map1-10] ike-peer spub
[Huawei-ipsec-policy-isakmp-map1-10] proposal tran1
[Huawei-ipsec-policy-isakmp-map1-10] security acl 3101
[Huawei-ipsec-policy-isakmp-map1-10] quit
# Create an IPSec policy on RouterB.
[Huawei] ipsec policy use1 10 isakmp
[Huawei-ipsec-policy-isakmp-use1-10] ike-peer spua
[Huawei-ipsec-policy-isakmp-use1-10] proposal tran1
[Huawei-ipsec-policy-isakmp-use1-10] security acl 3101
[Huawei-ipsec-policy-isakmp-use1-10] quit
Run the display ipsec policy command on RouterA and RouterB to view the configurations of
the IPSec policies. Take the display on RouterA as an example.
[Huawei] display ipsec policy
===========================================
IPsec policy group: "map1"
Using interface: {}
===========================================
Step 8 Apply the IPSec policies to the interfaces of RouterA and RouterB.
# Apply the IPSec policy to the interface of RouterA.
[Huawei] interface ethernet 1/0/0
[Huawei-Ethernet1/0/0] ipsec policy map1
[Huawei-Ethernet1/0/0] quit
# Apply the IPSec policy to the interface of RouterB.
[Huawei] interface ethernet 1/0/0
[Huawei-Ethernet1/0/0] ipsec policy use1
[Huawei-Ethernet1/0/0] quit
Run the display ipsec sa command on RouterA and RouterB to view the configuration of the
IPSec SAs. Take the display on RouterA as an example.
[Huawei] display ipsec sa
===============================
Interface: Ethernet 1/0/0
===============================
-----------------------------
Issue 01 (2012-04-20)
: esp-new
: Authentication SHA1-HMAC-96
Encryption
Sequence number: 10
Security data flow: 3101
Peer name:
spub
Perfect forward secrecy: None
Proposal name:
tran1
IPsec SA local duration(time based): 3600 seconds
IPsec SA local duration(traffic based): 1843200 kilobytes
SA trigger mode: Automatic
Route inject: None
path MTU: 1500
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
DES
5 IPSec Configuration
328
Hide quick links:
Advertisement
Table of Contents
