[Huawei] interface ethernet 1/0/0
[Huawei-Ethernet1/0/0] ipsec policy map1
[Huawei-Ethernet1/0/0] quit
# Apply the IPSec policy to the interface of RouterB.
[Huawei] interface ethernet 1/0/0
[Huawei-Ethernet1/0/0] ipsec policy use1
[Huawei-Ethernet1/0/0] quit
Run the display ipsec sa command on RouterA and RouterB to view the configuration of the
IPSec SAs. Take the display on RouterA as an example.
[Huawei] display ipsec sa
===============================
Interface: Ethernet 1/0/0
Path MTU: 1500
===============================
-----------------------------
IPsec policy name: "map1"
Sequence number: 10
Acl Group: 3101
Acl rule: 0
Mode: Manual
-----------------------------
Encapsulation mode: Tunnel
Tunnel local : 202.138.163.1
Tunnel remote: 202.138.162.1
[Outbound ESP SAs]
SPI: 12345 (0x3039)
Proposal: ESP-ENCRYPT-DES-64 ESP-AUTH-SHA1
No duration limit for this SA
[Inbound ESP SAs]
SPI: 54321 (0xd431)
Proposal: ESP-ENCRYPT-DES-64 ESP-AUTH-SHA1
No duration limit for this SA
Step 7 Verify the configurations.
After the configurations are complete, PC A can ping PC B successfully. You can run the display
ipsec statistics esp command to view packet statistics.
----End
Configuration Files
l Configuration file of RouterA
#
acl number
3101
rule 5 permit ip source 10.1.1.0 0.0.0.255 destination 10.1.2.0
0.0.0.255
#
ipsec proposal
tran1
esp authentication-algorithm
sha1
#
ipsec policy map1 10
manual
security acl
3101
proposal
tran1
tunnel local
Huawei AR1200 Series Enterprise Routers
Configuration Guide - VPN 5 IPSec Configuration
Issue 01 (2012-04-20) Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
318
To Next Page
Loading...
