Huawei AR1200-S Configuration Manual page 274

Huawei AR1200-S Series Enterprise Routers
Configuration Guide - Security
[Huawei] ping 2.2.2.1
PING 2.2.2.1: 56
--- 2.2.2.1 ping statistics ---
ms
----End
Configuration Files
Configuration file of RouterA
#
router id 1.1.1.1
#
acl number 3000
rule 5 permit ip source 1.1.1.1 0 destination 2.2.2.1 0
rule 15 permit ip source 10.1.1.1 0 destination 11.1.1.1 0
#
ipsec proposal routera
esp authentication-algorithm sha1
esp encryption-algorithm
3des
#
ike proposal 1
encryption-algorithm 3des-cbc
authentication-method rsa-signature
#
ike peer routera v2
ike-proposal 1
local-address 1.1.1.1
remote-address 2.2.2.1
pki realm testa
#
ipsec policy routera 1 isakmp
security acl 3000
ike-peer routera
proposal routera
#
interface Ethernet2/0/0
ip address 10.1.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 1.1.1.1 255.255.255.0
ipsec policy routera
#
ospf 1
area 0.0.0.0
network 1.1.1.0 0.0.0.255
network 10.1.1.0 0.0.0.255
#
pki entity routera
Issue 02 (2012-03-30)
data bytes, press CTRL_C to break
Reply from 2.2.2.1: bytes=56 Sequence=1 ttl=255 time=3 ms
Reply from 2.2.2.1: bytes=56 Sequence=2 ttl=255 time=2 ms
Reply from 2.2.2.1: bytes=56 Sequence=3 ttl=255 time=2 ms
Reply from 2.2.2.1: bytes=56 Sequence=4 ttl=255 time=2 ms
Reply from 2.2.2.1: bytes=56 Sequence=5 ttl=255 time=2 ms
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 2/2/3
NOTE
During IKE negotiation, if RouterA and Router B do not obtain CA certificates or local certificates, IKE
negotiation fails.
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
12 PKI Configuration
260