Defining Protected Data Flows; Configuring an IPSec Proposal - Huawei S9700 Series Configuration Manual

S9700 Core Routing Switch
Configuration Guide - SPU

4.3.2 Defining Protected Data Flows

IPSec can protect different data flows. In real-world applications, configure an ACL to define
the protected data flows and apply the ACL to a security policy.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
acl [ number ] acl-number [ match-order { config | auto } ]
An advanced ACL is created and the ACL view is displayed.
Step 3 Run:
rule
An ACL rule is configured.
NOTE
- The ACL must be configured to match the data flows accurately. It is recommended that you set the action of the ACL rule to permit for the data flows that need to be protected.
- Create different ACLs and IPSec policies for the data flows with different security requirements.
----End

4.3.3 Configuring an IPSec Proposal

An IPSec proposal defines the security protocol, authentication algorithm, encryption algorithm,
and packet encapsulation mode. Both ends of a tunnel must use the same IPSec proposal
configuration.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
ipsec proposal proposal-name
An IPSec proposal is created and the IPSec proposal view is displayed.
Step 3 (Optional) Run:
transform { ah | esp | ah-esp }
The security protocol is specified.
By default, the ESP protocol defined in RFC 2406 is used.
Step 4 (Optional) Run:
ah authentication-algorithm { md5 | sha1 }
The authentication algorithm used by AH is specified.

Issue 01 (2012-03-15)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
4 IPSec Configuration
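
Section 4.3.3 requires both ends of a tunnel to use the same IPSec proposal configuration. The following check is an added example, not part of the Huawei manual: it parses the proposal commands shown in Steps 2 to 4 from two configuration texts, applies the documented ESP default, and lists the settings that differ. The proposal name tran1, both sample configurations, and the one-space indentation of commands inside the proposal view are assumptions made for the example.

```python
import re

# Constructed sample configurations for the two tunnel ends (not from the manual).
PEER_A = """ipsec proposal tran1
 transform ah-esp
 ah authentication-algorithm sha1
"""
PEER_B = """ipsec proposal tran1
 ah authentication-algorithm md5
"""

def parse_proposals(config):
    """Return {proposal-name: settings} for each 'ipsec proposal' block."""
    proposals, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = re.fullmatch(r"ipsec proposal (\S+)", line)
        if m:
            # Per the manual, ESP is the default security protocol.
            current = proposals.setdefault(m.group(1), {"transform": "esp"})
        elif not raw[0].isspace():
            current = None  # assumption: an unindented line leaves the proposal view
        elif current is not None:
            m = re.fullmatch(r"transform (ah|esp|ah-esp)", line)
            if m:
                current["transform"] = m.group(1)
            m = re.fullmatch(r"ah authentication-algorithm (md5|sha1)", line)
            if m:
                current["ah_auth"] = m.group(1)
    return proposals

def compare_proposal(name, local, remote):
    """List settings of proposal `name` that differ between the two ends."""
    a, b = local.get(name), remote.get(name)
    if a is None or b is None:
        return [f"proposal {name} is missing on one end"]
    diffs = []
    if a["transform"] != b["transform"]:
        diffs.append(f"transform: {a['transform']} != {b['transform']}")
    # The AH algorithm matters only where AH is part of the transform.
    if "ah" in a["transform"] or "ah" in b["transform"]:
        x, y = a.get("ah_auth", "unset"), b.get("ah_auth", "unset")
        if x != y:
            diffs.append(f"ah authentication-algorithm: {x} != {y}")
    return diffs

if __name__ == "__main__":
    for diff in compare_proposal("tran1", parse_proposals(PEER_A), parse_proposals(PEER_B)):
        print(diff)
```

A value reported as unset means the command is absent from that configuration text, so the device default applies and has to be confirmed on the device itself.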