5.4.2 Defining Protected Data Flows
IPSec can protect different data flows. In real-world applications, configure an ACL to define
the protected data flows and apply the ACL to a security policy.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
acl [ number ] acl-number [ match-order { config | auto }]
An advanced ACL is created and the ACL view is displayed.
Step 3 Run:
rule
An ACL rule is configured.
NOTE
l The ACL must be configured to match the data flows accurately. It is recommended that you set the
action of the ACL rule to permit for the data flows that need to be protected.
l Create different ACLs and IPSec policies for the data flows with different security requirements.
----End
5.4.3 (Optional) Configuring an IKE Proposal
You can create multiple IKE proposals with different priority levels. The two ends must have
at least one matching IKE proposal for IKE negotiation.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
ike proposal proposal-number
An IKE proposal is created and the IKE proposal view is displayed.
The IKE negotiation succeeds only when the two ends use the IKE proposals with the same
settings.
Step 3 (Optional) Run:
encryption-algorithm { des-cbc |3des-cbc | aes-cbc-128 | aes-cbc-192 | aes-
cbc-256 }
The encryption algorithm is configured.
By default, an IKE proposal uses the DES-CBC encryption algorithm.
Step 4 (Optional) Run:
Huawei AR1200 Series Enterprise Routers
Configuration Guide - VPN 5 IPSec Configuration
Issue 01 (2012-04-20) Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
293
To Next Page
Loading...
Need help?
General
