Huawei AR1200 series Configuration Manual page 343
Enterprise routers
Hide thumbs
Also See for AR1200 series:
- Configuration manual (342 pages) ,
- User configuration manual (232 pages) ,
- Hardware description (218 pages)
Table of Contents
Advertisement
Huawei AR1200 Series Enterprise Routers
Configuration Guide - VPN
Procedure
Step 1 Configure IP addresses for the interfaces on RouterA and RouterB.
# Assign an IP address to the interface of RouterA.
<Huawei> system-view
[Huawei] interface ethernet 1/0/0
[Huawei-Ethernet1/0/0] ip address 202.138.163.1 255.255.255.0
[Huawei-Ethernet1/0/0] quit
# Assign an IP address to the interface of RouterB.
<Huawei> system-view
[Huawei] interface ethernet 1/0/0
[Huawei-Ethernet1/0/0] ip address 202.138.162.1 255.255.255.0
[Huawei-Ethernet1/0/0] quit
Step 2 Configure static routes to the peers on RouterA and RouterB.
# Configure a static route to the remote peer on RouterA. This example assumes that the next
hop address in the route to RouterB is 202.138.163.2.
[Huawei] ip route-static 10.1.2.0 255.255.255.0 202.138.163.2
# Configure a static route to the remote peer on RouterB. This example assumes that the next
hop address in the route to RouterB is 202.138.162.2.
[Huawei] ip route-static 10.1.1.0 255.255.255.0 202.138.162.2
Step 3 Create IKE proposals on RouterA and RouterB.
# Create an IKE proposal on RouterA.
[Huawei] ike proposal 1
[Huawei-ike-proposal-1] dh group5
[Huawei-ike-proposal-1] authentication-algorithm aes_xcbc_mac_96
[Huawei-ike-proposal-1] prf aes_xcbc_128
[Huawei-ike-proposal-1] quit
# Create an IKE proposal on RouterB.
[Huawei] ike proposal 1
[Huawei-ike-proposal-1] dh group5
[Huawei-ike-proposal-1] authentication-algorithm aes_xcbc_mac_96
[Huawei-ike-proposal-1] prf aes_xcbc_128
[Huawei-ike-proposal-1] quit
Step 4 Configure local IDs and IKE peers on RouterA and RouterB.
# Configure the local ID and IKE peer on RouterA.
[Huawei] ike peer spub v2
[Huawei-ike-peer-spub] ike-proposal 1
[Huawei-ike-peer-spub] pre-shared-key huawei
[Huawei-ike-peer-spub] quit
# Configure the local ID and IKE peer on RouterB.
[Huawei] ike peer spua v2
[Huawei-ike-peer-spua] ike-proposal 1
[Huawei-ike-peer-spua] pre-shared-key huawei
[Huawei-ike-peer-spua] quit
Run the display ike peer command on RouterA and RouterB to view the configuration of the
IKE peer. Take the display on RouterA as an example.
[Huawei] display ike peer name spub verbose
----------------------------------------
Issue 01 (2012-04-20)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
5 IPSec Configuration
332
Hide quick links:
Advertisement
Table of Contents
