Huawei AR1200 series Configuration Manual page 353

Huawei AR1200 Series Enterprise Routers
Configuration Guide - VPN
[Huawei-acl-adv-3000] quit
Step 4 Configure the Efficient VPN policies in network mode on RouterA and RouterB.
# Configure the Efficient VPN policy in network mode on RouterA.
[Huawei] ipsec efficient-vpn easyvpn_1 mode network
[Huawei-ipsec-efficient-vpn-easyvpn_1] remote-address 99.1.2.1 v1
[Huawei-ipsec-efficient-vpn-easyvpn_1] pre-shared-key htipl1.,;[-09876543211;'[]
[Huawei-ipsec-efficient-vpn-easyvpn_1] security acl 3000
[Huawei-ipsec-efficient-vpn-easyvpn_1] quit
# Configure the Efficient VPN policy in network mode on RouterB.
[Huawei] ipsec efficient-vpn easyvpn_1 mode network
[Huawei-ipsec-efficient-vpn-easyvpn_1] remote-address 99.1.1.1 v1
[Huawei-ipsec-efficient-vpn-easyvpn_1] pre-shared-key htipl1.,;[-09876543211;'[]
[Huawei-ipsec-efficient-vpn-easyvpn_1] security acl 3000
[Huawei-ipsec-efficient-vpn-easyvpn_1] quit
Step 5 Apply the Efficient VPN policies to the sub-interfaces of RouterA and RouterB.
# Apply the Efficient VPN policy to the sub-interface on RouterA.
[Huawei] interface ethernet 1/0/0.1
[Huawei-Ethernet1/0/0.1] ipsec efficient-vpn easyvpn_1
# Apply the Efficient VPN policy to the sub-interface on RouterB.
[Huawei] interface ethernet 1/0/0.1
[Huawei-Ethernet1/0/0.1] ipsec efficient-vpn easyvpn_1
Step 6 Verify the configuration
After the preceding configuration, RouterA can still ping RouterB and the data transmitted
between them is encrypted.
l Run the display ipsec sa command on RouterA and RouterB to view the IKE configuration.
l Run the display ipsec sa command on RouterA and RouterB to view the IPSec configuration.
Issue 01 (2012-04-20)
The display on RouterA is used as an example.
[Huawei] display ike sa
Conn-ID Peer
---------------------------------------------------------
3 99.1.2.1
2 99.1.2.1
Flag
Description:
RD--READY ST--STAYALIVE
TIMEOUT
HRT--HEARTBEAT LKG--LAST KNOWN GOOD SEQ NO.
The display on RouterA is used as an example.
[Huawei] display ipsec sa
===============================
Interface: Ethernet 1/0/0.1
Path MTU: 1500
===============================
-----------------------------
IPSec efficient-vpn name: "easyvpn_1"
mode: EFFICIENTVPN-NETWORK MODE
-----------------------------
Connection ID: 3
encapsulation mode: Tunnel
tunnel local
tunnel remote
Flow source
Flow destination
[Outbound ESP SAs]
SPI: 71167994 (0x43deffa)
proposal: ESP-ENCRYPT-AES-256 SHA2-512-256
SA remaining key duration (bytes/sec): 1887436800/1845
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
VPN Flag(s)
0 RD|ST
0 RD|ST
RL--REPLACED
: 99.1.1.1
: 99.1.2.1
: 100.1.1.1/0.0.0.0 0/0
: 100.1.2.1/0.0.0.0 0/0
5 IPSec Configuration
Phase
2
1
FD--FADING TO--
BCK--BACKED UP
342