Only one IPSec policy can be applied to an interface. An IPSec policy can be applied to multiple
interfaces.
After the configuration is complete, the packets transmitted between two ends of the IPSec tunnel
trigger SA establishment through IKE negotiation. In automatic triggering mode, the SA is
established immediately after the IKE negotiation succeeds. In traffic-based triggering mode,
the SA is established only after data flows matching the IPSec policy are sent from the interface.
After IKE negotiation succeeds and the SA is established, the data flows are encrypted and then
transmitted between two ends.
----End
5.4.11 Checking the Configuration
After an IPSec tunnel is established through IKE negotiation, you can view information about
the SA, configuration of the IKE peer, and configuration of the IKE proposal.
Prerequisites
The configurations required to establish an IPSec tunnel through IKE negotiation are complete.
Procedure
l Run the display ike sa [ v2 ] [ conn-id connid | peer-name peername | phase phase-
number | verbose ] command to view information about the SAs established through IKE
negotiation.
l Run the display ike peer [ name peer-name ] [ verbose ] command to view the
configuration of a specified IKE peer or all IKE peers.
l Run the display ike proposal command to view the configuration of a specified IKE
proposal or all IKE proposals.
l Run the display ipsec sa [ brief | duration | policy policy-name [ seq-number ] | peerip
peer-ip-address ] command to view the configuration of a specified SA or all SAs.
l Run the display ipsec policy [ brief | name policy-name [ seq-number ] ] command to view
information about a specified IPSec policy or all IPSec policies.
l Run the display ipsec proposal [ name proposal-name ] command to view information
about a specified IPSec proposal or all IPSec proposals.
----End
5.5 Establishing an IPSec Tunnel Using an IPSec Tunnel
Interface
This section describes how to create an IPSec tunnel interface and apply an IPSec profile to the
IPSec tunnel interface so that the IPSec profile configuration takes effect on the IPSec tunnel
interface.
5.5.1 Establishing the Configuration Task
Before establishing an IPSec tunnel using an IPSec tunnel interface, familiarize yourself with
the applicable environment, complete the pre-configuration tasks, and obtain the data required
for configuration. This will help you complete the configuration task quickly and accurately.
Huawei AR1200 Series Enterprise Routers
Configuration Guide - VPN 5 IPSec Configuration
Issue 01 (2012-04-20) Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
302
To Next Page
Loading...
