5.3.3 Configuring an IPSec Proposal
An IPSec proposal defines the security protocol, authentication algorithm, encryption algorithm,
and packet encapsulation mode. Both ends of a tunnel must use the same IPSec proposal
configuration.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
ipsec proposal proposal-name
An IPSec proposal is created and the IPSec proposal view is displayed.
Step 3 (Optional) Run:
transform { ah | esp | ah-esp }
The security protocol is specified.
By default, the ESP protocol defined in RFC 2406 is used.
Step 4 (Optional) Run:
ah authentication-algorithm { md5 | sha1 | sha2-256 | sha2-384 | sha2-512 }
The authentication algorithm used by AH is specified.
By default, AH uses the MD5 authentication algorithm.
Step 5 (Optional) Run:
esp authentication-algorithm [ md5 | sha1 | sha2-256 | sha2-384 | sha2-512 ]
The authentication algorithm used by ESP is specified.
By default, both ESP and AH use the MD5 authentication algorithm.
You can configure the authentication and encryption algorithms only after selecting a security
protocol using the transform command.
Step 6 (Optional) Run:
esp encryption-algorithm [ 3des | des | aes-128 | aes-192 | aes-256 ]
The encryption algorithm used by ESP is specified.
By default, ESP uses the DES encryption algorithm.
Step 7 (Optional) Run:
encapsulation-mode { transport | tunnel }
The packet encapsulation mode is configured.
By default, the tunnel mode is used.
----End
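The following audit sketch is an added example, not part of the Huawei guide: it reads the proposal commands from this procedure out of configuration text, fills in the defaults stated above (ESP, MD5, DES, tunnel), reports weak algorithms that are in effect, and lists settings that differ between the two ends of a tunnel. The configuration layout (indented lines under `ipsec proposal`, `#` separators), the proposal names, the sample text and the `WEAK` set are assumptions of this example.

```python
import re

# Defaults as stated in the procedure above; omitted lines are assumed to take them.
DEFAULTS = {
    "transform": "esp",
    "ah authentication-algorithm": "md5",
    "esp authentication-algorithm": "md5",
    "esp encryption-algorithm": "des",
    "encapsulation-mode": "tunnel",
}
WEAK = {"md5", "des", "3des"}  # this example's policy choice, not the guide's

def parse_proposals(config):
    """Return {proposal-name: effective settings} from configuration text."""
    proposals, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.fullmatch(r"ipsec proposal (\S+)", line)
        if m:
            current = proposals.setdefault(m.group(1), dict(DEFAULTS))
        elif raw[:1] not in (" ", "\t"):
            current = None  # an unindented line leaves the proposal view
        elif current is not None:
            for key in DEFAULTS:
                if line.startswith(key + " "):
                    current[key] = line[len(key) + 1:].strip()
    return proposals

def in_use(s):
    """Algorithm settings used by the security protocol(s) chosen with transform."""
    protos = s["transform"].split("-")
    keys = ["ah authentication-algorithm"] if "ah" in protos else []
    if "esp" in protos:
        keys += ["esp authentication-algorithm", "esp encryption-algorithm"]
    return keys

def weak_settings(s):
    """(setting, value) pairs in effect, including defaults, that are in WEAK."""
    return [(k, s[k]) for k in in_use(s) if s[k] in WEAK]

def mismatches(local, peer):
    """Settings that differ between the two ends of a tunnel."""
    keys = {"transform", "encapsulation-mode", *in_use(local), *in_use(peer)}
    return sorted(k for k in keys if local[k] != peer[k])

# Constructed sample configurations for the two ends of a tunnel.
ROUTER_A = ("ipsec proposal prop1\n esp authentication-algorithm sha2-256\n"
            " esp encryption-algorithm aes-256\n#\nipsec proposal legacy\n#\n")
ROUTER_B = ("ipsec proposal prop1\n esp authentication-algorithm sha2-256\n"
            " esp encryption-algorithm aes-128\n#\n")
```

A proposal created with no optional steps, such as `legacy` in the sample, is reported with MD5 and DES because those defaults apply even though no algorithm line appears in the configuration.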
5.3.4 Configuring an IPSec Policy
After establishing an IPSec tunnel manually, configure an IPSec policy for the tunnel.
Huawei AR1200 Series Enterprise Routers
Configuration Guide - VPN 5 IPSec Configuration
Issue 01 (2012-04-20) Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
288