interface. The packets received by the remote peer contain the VPN attribute, so you do not need
to specify the VPN on the remote peer.
Step 12 (Optional) Run:
remote-name name
The remote host name is configured. Perform this step only when name authentication is used
in aggressive mode.
If IKEv2 is used, set local-id-type to ip and peer-id-type to name, and configure remote-
name.
Step 13 (Optional) Run:
inband ocsp
The Online Certificate Status Protocol (OCSP) is enabled for the IKE peer.
Step 14 (Optional) Run:
pki realm realm-name
A public key infrastructure (PKI) domain is bound to the IKE peer.
After a PKI domain is bound to an IKE peer, the IKE peer can obtain the CA certificate and
local certificate based on the PKI domain configuration.
Step 15 Run:
quit
Return to the system view.
Step 16 (Optional) Run:
ike local-name local-name
The local host name used in the IKE negotiation is configured.
Perform this step when the local-id-type is set to name.
----End
5.4.5 Configuring an IPSec Proposal
Both ends of the tunnel must be configured with the same security protocol, authentication
algorithm, encryption algorithm, and packet encapsulation mode.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
ipsec proposal proposal-name
An IPSec proposal is created and the IPSec proposal view is displayed.
Step 3 (Optional) Run:
transform { ah | esp | ah-esp }
The security protocol is configured.
Huawei AR1200 Series Enterprise Routers
Configuration Guide - VPN 5 IPSec Configuration
Issue 01 (2012-04-20) Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
296
To Next Page
Loading...
