Defining Protected Data Flows; Configuring An Ike Proposal - Huawei S9700 Series Configuration Manual


S9700 Core Routing Switch
Configuration Guide - SPU

4.4.2 Defining Protected Data Flows

IPSec can protect different data flows. In real-world applications, configure an ACL to define
the protected data flows and apply the ACL to a security policy.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
acl [ number ] acl-number [ match-order { config | auto } ]
An advanced ACL is created and the ACL view is displayed.
Step 3 Run:
rule
An ACL rule is configured.
----End

4.4.3 Configuring an IKE Proposal

You can create multiple IKE proposals with different priority levels. The two ends must have
at least one matching IKE proposal for IKE negotiation.
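
The matching rule above, sketched in Python as an added example (not from the Huawei manual, and not the device's implementation). The field names, the match rule and the sample proposals are assumptions, listed in the comments. It also shows that a legacy proposal kept for compatibility can be the one a peer ends up matching.

```python
from dataclasses import dataclass

# Simplified model; these rules are assumptions of this example:
# - a lower proposal number means a higher priority;
# - proposals match when encryption, authentication algorithm, authentication
#   method and DH group are all equal (SA lifetime is ignored);
# - the responder walks its own proposals in priority order and accepts the
#   first one that the initiator also offered.

@dataclass(frozen=True)
class IkeProposal:
    number: int
    encryption: str
    auth_algorithm: str
    auth_method: str
    dh_group: int

    def params(self):
        return (self.encryption, self.auth_algorithm, self.auth_method, self.dh_group)

# Settings generally treated as too weak for new deployments.
WEAK = {"encryption": {"des"}, "auth_algorithm": {"md5"}, "dh_group": {1}}

def negotiate(initiator, responder):
    """Return the responder's proposal that would be selected, or None."""
    offered = {p.params() for p in initiator}
    for local in sorted(responder, key=lambda p: p.number):
        if local.params() in offered:
            return local
    return None

def weak_parameters(proposal):
    """List the weak settings in a proposal, for flagging in a config review."""
    return [f"{field}={getattr(proposal, field)}"
            for field, bad in WEAK.items() if getattr(proposal, field) in bad]

# Constructed sample proposals (not taken from the manual).
SITE_A = [IkeProposal(10, "aes-256", "sha2-256", "pre-share", 14),
          IkeProposal(20, "des", "md5", "pre-share", 1)]  # legacy fallback
SITE_B = [IkeProposal(5, "des", "md5", "pre-share", 1)]
SITE_C = [IkeProposal(5, "3des", "sha1", "pre-share", 2)]

if __name__ == "__main__":
    for name, peer in (("B", SITE_B), ("C", SITE_C)):
        chosen = negotiate(SITE_A, peer)
        print(name, chosen.number if chosen else "no matching proposal",
              weak_parameters(chosen) if chosen else [])
```

Site B matches only through site A's legacy proposal, so the review flags all three weak settings; site C shares no proposal with site A, so negotiation cannot complete.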
Issue 01 (2012-03-15)
No.  Data
3    IKE peer name, negotiation mode, IKE proposal name, IKE peer ID type, pre-shared key, remote address, (optional) VPN instance bound to the IPSec tunnel, and remote host name
4    IPSec proposal name, security protocol, authentication algorithm of AH, authentication algorithm and encryption algorithm of ESP, and packet encapsulation mode
5    Name and sequence number of the IPSec policy, (optional) Perfect Forward Secrecy (PFS) feature used in IKE negotiation
6    (Optional) Name of the IPSec policy template
7    (Optional) Local address of the IPSec policy group, time-based global SA lifetime, traffic-based global SA lifetime, interval for sending keepalive packets, timeout interval of keepalive packets, and interval for sending NAT update packets
8    Type and number of the interface to which the IPSec policy is applied
NOTE
Use the AH or ESP protocol based on requirements on your network.
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
4 IPSec Configuration