Networking Requirements
As shown in Figure 5-4, an IPSec tunnel is established between RouterA and RouterB. This
IPSec tunnel protects data flows between the subnet of PC A (10.1.1.0/24) and subnet of PC B
(10.1.2.0/24). The IPSec tunnel uses the ESP protocol, DES encryption algorithm, and MD5
authentication algorithm.
NOTE
l In this example, the default IKE proposal is used.
l By default, a new IPSec proposal created using the ipsec proposal command uses the ESP protocol, DES
encryption algorithm, MD5 authentication algorithm, and tunnel encapsulation mode.
Figure 5-4 Network diagram for configuring IKE negotiation
PC A PC B
RouterBRouterA
10.1.1.2/24
10.1.2.2/24
Eth 1/0/0
Eth 1/0/0
Internet
202.138.163.1/24 202.138.162.1/24
IPSec Tunnel
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure IP addresses for interfaces.
2. Specify the local host ID and IKE peer for IKE negotiation.
3. Configure Access Control Lists (ACLs) and define the data flows to be protected.
4. Configure static routes to peers.
5. Configure an IPSec proposal.
6. Configure IPSec policies and apply the ACLs and IPSec proposal to the IPSec policies.
7. Apply IPSec policies to interfaces.
Procedure
Step 1 Configure IP addresses for the interfaces on RouterA and RouterB.
# Assign an IP address to the interface of RouterA.
<Huawei> system-view
[Huawei] interface ethernet 1/0/0
[Huawei-Ethernet1/0/0] ip address 202.138.163.1 255.255.255.0
[Huawei-Ethernet1/0/0] quit
Huawei AR1200 Series Enterprise Routers
Configuration Guide - VPN 5 IPSec Configuration
Issue 01 (2012-04-20) Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
320
To Next Page
Loading...
