(Optional) Setting Optional Parameters - Huawei S9700 Series Configuration Manual


S9700 Core Routing Switch
Configuration Guide - SPU
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
ipsec policy-template policy-template-name seq-number
An IPSec policy template is created.
Step 3 (Optional) Run:
security acl acl-number
An ACL is applied to the IPSec policy template.
Step 4 Run:
proposal proposal-name
An IPSec proposal is applied to the IPSec policy template.
An IPSec policy that uses IKE negotiation can reference a maximum of six IPSec proposals.
During IKE negotiation, the two ends of the IPSec tunnel give priority to the IPSec proposals
that have the same parameter settings.
Step 5 (Optional) Run:
sa duration { traffic-based kilobytes | time-based interval }
The IPSec SA lifetime is set.
Step 6 Run:
ike-peer peer-name
An IKE peer is applied to the IPSec policy template.
Step 7 (Optional) Run:
pfs { dh-group1 | dh-group2 }
The Perfect Forward Secrecy (PFS) feature used in the negotiation is configured.
By default, the PFS feature is not used in IKE negotiation.
----End
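
As an added example (not part of the Huawei manual), the following Python check audits policy-template text against the procedure above: it flags a template with no proposal or no ike-peer, more than six proposals, and PFS left at its default (off) or set to dh-group1. The sample text and its names are constructed, and the layout it parses (sub-commands indented under the template line) is an assumption.

```python
import re

# Constructed sample using the commands from Steps 2-7 (not real device output).
SAMPLE = """\
ipsec policy-template branch 10
 security acl 3101
 proposal prop-a
 ike-peer hq
 sa duration time-based 3600
ipsec policy-template legacy 20
 proposal prop-a
 pfs dh-group1
"""

def parse_templates(text):
    """Group indented sub-commands under 'ipsec policy-template <name> <seq>'."""
    templates, current = {}, None
    for raw in text.splitlines():
        m = re.fullmatch(r"ipsec policy-template (\S+) (\d+)", raw.strip())
        if m:
            current = templates.setdefault((m.group(1), int(m.group(2))), [])
        elif raw[:1].isspace() and raw.strip() and current is not None:
            current.append(raw.split())
        else:
            current = None  # unrelated or blank line ends the template view
    return templates

def audit(text):
    """Return {(name, seq): [findings]} for every template in the text."""
    report = {}
    for key, cmds in parse_templates(text).items():
        findings = []
        proposals = [a for c in cmds if c[0] == "proposal" for a in c[1:]]
        if not proposals:
            findings.append("no proposal (Step 4 is mandatory)")
        if len(proposals) > 6:  # limit stated in Step 4
            findings.append("more than six proposals")
        if not any(c[0] == "ike-peer" for c in cmds):
            findings.append("no ike-peer (Step 6 is mandatory)")
        pfs = [c[1] for c in cmds if c[0] == "pfs" and len(c) > 1]
        if not pfs:
            findings.append("pfs not set; default is no PFS")
        elif pfs[-1] == "dh-group1":
            findings.append("pfs uses dh-group1 (768-bit), the weaker option")
        report[key] = findings
    return report

if __name__ == "__main__":
    for (name, seq), findings in audit(SAMPLE).items():
        print(name, seq, findings or "ok")
```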

4.4.8 (Optional) Setting Optional Parameters

This section describes how to set optional parameters for IKE negotiation.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
ipsec sa global-duration { time-based interval | traffic-based kilobytes }
The global SA lifetime is set.
Issue 01 (2012-03-15)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
4 IPSec Configuration
127
