• Configuring link layer protocol parameters for interfaces to ensure that the link layer protocol status on the interfaces is Up
• Configuring routes between the source and the destination
Data Preparation
To configure the Efficient VPN policy, you need the following data.
No.  Data
1    Parameters of an advanced ACL
2    Name and priority of the IKE proposal, encryption algorithm, authentication algorithm, and authentication method used in IKE negotiation, identifier of the Diffie-Hellman group, SA lifetime, and IPSec proposal name
3    Name and sequence number of an IPSec policy, and name and sequence number of an IPSec policy template
4    DNS server address, WINS server address, and allocable network segment address in the global address pool
5    IKE local address, IKE peer address, and peer name
5.6.2 Configuring Client Mode
The client mode of the Efficient VPN policy protects data flows whose addresses are translated by NAT.
Context
Only mandatory parameters, such as the IP address and pre-shared key, need to be configured
on a remote device. Other parameters, such as authentication and encryption algorithms used in
IKE negotiation, and the IPSec proposal, are preconfigured on the server.
Procedure
Step 1 Perform the following steps on the remote router:
1. Run:
system-view
The system view is displayed.
2. Run:
ipsec efficient-vpn efficient-vpn-name mode client
An IPSec Efficient VPN policy in client mode is created and the Efficient VPN policy view
is displayed.
3. Run:
remote-address { ip-address | host-name } { v1 | v2 }
An IP address or domain name is configured for the remote IKE peer.
Huawei AR1200 Series Enterprise Routers
Configuration Guide - VPN 5 IPSec Configuration
Issue 01 (2012-04-20) Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.