Application Environment
Data flows must be authenticated to ensure data transmission security. In a high security scenario,
data flows must be authenticated and encrypted. In such a scenario, configure IPSec on the device
that initiates the IPSec service and the device that terminates the IPSec service.
When the network topology is complex, you can establish IPSec tunnels through IKE
negotiation.
Pre-configuration Tasks
Before establishing an IPSec tunnel through IKE negotiation, complete the following tasks:
l Setting parameters of the link-layer protocol and IP addresses for the interfaces to ensure
that the link-layer protocol on the interfaces is Up
l Configuring routes between the source and the destination
Data Preparation
To establish an IPSec tunnel through IKE negotiation, you need to the following data.
No. Data
1 Parameters of an advanced ACL
2 Priority of the IKE proposal, encryption algorithm, authentication algorithm, and
authentication method used in IKE negotiation, identifier of the Diffie-Hellman
group, and SA lifetime
3 IKE peer name, negotiation mode, IKE proposal name, IKE peer ID type, pre-
shared key, remote address, (optional) VPN instance bound to the IPSec tunnel,
and remote host name
4 IPSec proposal name, security protocol, authentication algorithm of AH,
authentication algorithm and encryption algorithm of ESP, and packet
encapsulation mode
5 Name and sequence number of the IPSec policy, (optional) Perfect Forward
Secrecy (PFS) feature used in IKE negotiation
6 (Optional) Name of the IPSec policy template
7 (Optional) Local address of the IPSec policy group, time-based global SA
lifetime, traffic-based global SA lifetime, interval for sending keepalive packets,
timeout inertial of keepalive packets, and interval for sending NAT update packets
8 Type and number of the interface to which the IPSec policy is applied
NOTE
Use the AH or ESP protocol based on requirements on your network.
Huawei AR1200 Series Enterprise Routers
Configuration Guide - VPN 5 IPSec Configuration
Issue 01 (2012-04-20) Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
292
To Next Page
Loading...
Need help?
General
