5.8 Configuration Examples
This section provides several configuration examples of IPSec.
5.8.1 Example for Establishing an SA Manually
You can establish security associations (SAs) manually when the network topology is simple.
When there are a large number of devices on the network, it is difficult to establish SAs manually,
and network security cannot be ensured.
Networking Requirements
As shown in Figure 5-3, an IPSec tunnel is established between RouterA and RouterB to protect
data flows between the subnet of PC A (10.1.1.0/24) and subnet of PC B (10.1.2.0/24). The
IPSec tunnel uses the ESP protocol, DES encryption algorithm, and SHA-1 authentication
algorithm.
Figure 5-3 Network diagram for configuring IPSec
PC A PC B
RouterBRouterA
10.1.1.2/24
10.1.2.2/24
Eth 1/0/0
Eth 1/0/0
Internet
202.138.163.1/24 202.138.162.1/24
IPSec Tunnel
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure IP addresses for interfaces.
2. Configure Access Control Lists (ACLs) and define the data flows to be protected.
3. Configure static routes to peers.
4. Configure an IPSec proposal.
5. Configure IPSec policies and apply the ACLs and IPSec proposal to the IPSec policies.
6. Apply IPSec policies to interfaces.
Huawei AR1200 Series Enterprise Routers
Configuration Guide - VPN 5 IPSec Configuration
Issue 01 (2012-04-20) Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
315
To Next Page
Loading...
