Data Preparation
To establish an IPSec tunnel manually, you need the following data.
No. Data
1 Parameters of an advanced ACL
2 IPSec proposal name, security protocol, authentication algorithm of AH,
authentication algorithm and encryption algorithm of ESP, and packet
encapsulation mode
3 IPSec policy settings, including:
l Name and sequence number of the IPSec policy
l Local and peer IP addresses of the tunnel
l Inbound and outbound SPIs for AH or ESP
l Inbound and outbound authentication keys (character string or hexadecimal
number) for AH or ESP
l (optional) VPN instance name
4
Type and number of the interface to which the IPSec policy is applied
NOTE
Use the AH or ESP protocol based on requirements on your network.
5.3.2 Defining Protected Data Flows
IPSec can protect different data flows. In real-world applications, configure an ACL to define
the protected data flows and apply the ACL to a security policy.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
acl [ number ] acl-number [ match-order { config | auto } ]
An advanced ACL is created and the ACL view is displayed.
Step 3 Run:
rule
An ACL rule is configured.
NOTE
l The ACL must be configured to match the data flows accurately. It is recommended that you set the
action of the ACL rule to permit for the data flows that need to be protected.
l Create different ACLs and IPSec policies for the data flows with different security requirements.
----End
Huawei AR1200 Series Enterprise Routers
Configuration Guide - VPN 5 IPSec Configuration
Issue 01 (2012-04-20) Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
287
To Next Page
Loading...
Need help?
General
