Step 2 Run:
acl [ number ] acl-number [ match-order { config | auto } ]
An advanced ACL is created and the ACL view is displayed.
Step 3 Run:
rule
The ACL rule is configured in the ACL view.
NOTE
Afer the ACL is applied, the ACL rules can match only IP packets.
Step 4 Run:
quit
Return to the system view.
Step 5 Run:
ipsec efficient-vpn efficient-vpn-name mode network
An IPSec Efficient VPN policy in network mode is created and the Efficient VPN view is
displayed.
Step 6 Run:
security acl acl-number
An ACL rule is used.
Step 7 Run:
remote-address { ip-address | host-name } { v1 | v2 }
An IP address or domain name is configured for the remote IKE peer.
Step 8 (Optional) Run:
remote-name name
The name of the remote IKE peer is specified.
Step 9 (Optional) Run:
authentication-method { pre-share | rsa-signature }
An authentication method is specified for the IKE proposal.
By default, an IKE proposal uses pre-shared key authentication.
Step 10 (Optional) Run:
pre-shared-key key
The key is specified for pre-shared key authentication.
By default, no key is specified for pre-shared key authentication.
Step 11 (Optional) Run:
pfs { dh-group1 | dh-group2 | dh-group5 | dh-group14 }
The perfect forward secrecy (PFS) features is used in IKE negotiation.
Step 12 (Optional) Run:
pki realm realm-name
Huawei AR1200 Series Enterprise Routers
Configuration Guide - VPN 5 IPSec Configuration
Issue 01 (2012-04-20) Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
311
To Next Page
Loading...
Need help?
General
