Huawei AR1200 series Configuration Manual page 39
Enterprise routers
Hide thumbs
Also See for AR1200 series:
- Configuration manual (342 pages) ,
- User configuration manual (232 pages) ,
- Hardware description (218 pages)
Table of Contents
Advertisement
Huawei AR1200 Series Enterprise Routers
Configuration Guide - VPN
[RouterA] ipsec policy policy1 1 isakmp
[RouterA-ipsec-policy-isakmp-policy1-1] security acl 3000
[RouterA-ipsec-policy-isakmp-policy1-1] ike-peer RouterC
[RouterA-ipsec-policy-isakmp-policy1-1] proposal p1
[RouterA-ipsec-policy-isakmp-policy1-1] quit
[RouterA] interface gigabitethernet 1/0/0
[RouterA-GigabitEthernet1/0/0] ipsec policy policy1
[RouterA-GigabitEthernet1/0/0] quit
# Configure Router C.
[RouterC] acl number 3000
[RouterC-acl-adv-3000] rule permit gre source 30.1.1.2 0 destination 20.1.1.1 0
[RouterC-acl-adv-3000] quit
[RouterC] ipsec proposal p1
[RouterC-ipsec-proposal-p1] quit
[RouterC] ipsec policy policy1 1 isakmp
[RouterC-ipsec-policy-isakmp-policy1-1] security acl 3000
[RouterC-ipsec-policy-isakmp-policy1-1] ike-peer RouterA
[RouterC-ipsec-policy-isakmp-policy1-1] proposal p1
[RouterC-ipsec-policy-isakmp-policy1-1] quit
[RouterC] interface gigabitethernet 1/0/0
[RouterC-GigabitEthernet1/0/0] ipsec policy policy1
[RouterC-GigabitEthernet1/0/0] quit
# After the configuration, the multicast data between Router A and Router C can be transmitted
through the GRE tunnel encrypted with IPSec.
Step 6 On the source device and the destination device of the tunnel, configure the tunnel to forward
routes.
# Configure Router A.
[RouterA] ip route-static 10.2.1.0 255.255.255.0 tunnel 0/0/1
# Configure Router C.
[RouterC] ip route-static 10.1.1.0 255.255.255.0 tunnel 0/0/1
Step 7 Verify the configuration.
# After PC1 and PC2 successfully ping each other, you can view that IKE negotiation is
configured and IPSec encryption takes effect.
[RouterA] display ike sa
---------------------------------------------------------------
Flag Description:
RD--READY
HRT--HEARTBEAT
[RouterA] display ips sa
===============================
Interface: GigabitEthernet1/0/0
===============================
-----------------------------
IPsec policy name: "policy1"
sequence number: 1
mode: isakmp
-----------------------------
Issue 01 (2012-04-20)
Conn-ID
Peer
16
30.1.1.2
17
30.1.1.2
ST--STAYALIVE
LKG--LAST KNOWN GOOD SEQ NO.
path MTU: 1500
connection id: 17
encapsulation mode: tunnel
tunnel local : 20.1.1.1
[inbound ESP SAs]
spi: 2970386335 (0xb10c7f9f)
proposal: ESP-ENCRYPT-DES ESP-AUTH-MD5
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
VPN
Flag(s)
0
RD
0
RD
RL--REPLACED
FD--FADING
tunnel remote: 30.1.1.2
1 GRE Configuration
Phase
1
2
TO--TIMEOUT
BCK--BACKED UP
28
Hide quick links:
Advertisement
Table of Contents
