Table of Contents
Advertisement
S9700 Core Routing Switch
Configuration Guide - SPU
Step 2 Run:
ipsec proposal proposal-name
An IPSec proposal is created and the IPSec proposal view is displayed.
Step 3 (Optional) Run:
transform { ah | esp | ah-esp }
The security protocol is configured.
By default, the ESP protocol defined in RFC 2406 is used.
Step 4 (Optional) Run:
ah authentication-algorithm { md5 | sha1 }
The authentication algorithm used by AH is configured.
By default, AH uses the MD5 authentication algorithm.
Step 5 (Optional) Run:
esp authentication-algorithm [ md5 | sha1 ]
The authentication algorithm used by ESP is configured.
By default, ESP uses the MD5 authentication algorithm.
Step 6 (Optional) Run:
esp encryption-algorithm { 3des | des | aes-128 | aes-192 | aes-256 }
The encryption algorithm used by ESP is configured.
By default, ESP uses the DES encryption algorithm.
Step 7 (Optional) Run:
encapsulation-mode { transport | tunnel }
The packet encapsulation mode is configured.
By default, the security protocol uses the tunnel mode to encapsulate IP packets.
----End
4.4.6 Configuring an IPSec Policy
After configuring an IKE peer, apply it to an IPSec policy. Then the two ends can start IKE
negotiation.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
ipsec policy policy-name seq-number isakmp [ template template-name ]
An IPSec policy is created.
Step 3 Run:
proposal proposal-name
Issue 01 (2012-03-15)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
4 IPSec Configuration
125
Advertisement
Table of Contents
