Step 4 Configure static routes to the peers on RouterA and RouterB.
# Configure a static route to the peer on RouterA. In this example, the next hop to PCB is
202.138.163.2.
[Huawei] ip route-static 10.1.2.0 255.255.255.0 202.138.163.2
# Configure a static route to the peer on RouterB. In this example, the next hop to PCA is
202.138.162.2.
[Huawei] ip route-static 10.1.1.0 255.255.255.0 202.138.162.2
Step 5 Create an IPSec proposal on RouterA and RouterB.
# Create the IPSec proposal on RouterA.
[Huawei] ipsec proposal tran1
[Huawei-ipsec-proposal-tran1] quit
# Create the IPSec proposal on RouterB.
[Huawei] ipsec proposal tran1
[Huawei-ipsec-proposal-tran1] quit
Run the display ipsec proposal command on RouterA and RouterB to view the configuration
of the IPSec proposal. Take the display on RouterA as an example.
[Huawei] display ipsec proposal
Number of Proposals: 1
IPsec proposal name: tran1
Encapsulation mode: Tunnel
Transform : esp-new
ESP protocol : Authentication MD5-HMAC-96
Encryption DES
Step 6 Create IPSec policies on RouterA and RouterB.
# Create an IPSec policy on RouterA.
[Huawei] ipsec policy map1 10 isakmp
[Huawei-ipsec-policy-isakmp-map1-10] ike-peer spub
[Huawei-ipsec-policy-isakmp-map1-10] proposal tran1
[Huawei-ipsec-policy-isakmp-map1-10] security acl 3101
[Huawei-ipsec-policy-isakmp-map1-10] quit
# Create an IPSec policy on RouterB.
[Huawei] ipsec policy use1 10 isakmp
[Huawei-ipsec-policy-isakmp-use1-10] ike-peer spua
[Huawei-ipsec-policy-isakmp-use1-10] proposal tran1
[Huawei-ipsec-policy-isakmp-use1-10] security acl 3101
[Huawei-ipsec-policy-isakmp-use1-10] quit
Run the display ipsec policy command on RouterA and RouterB to view the configurations of
the IPSec policies. Take the display on RouterA as an example.
[Huawei] display ipsec policy
===========================================
IPsec policy group: "map1"
Using interface: {}
===========================================
Sequence number: 10
Security data flow: 3101
Peer name: spub
Perfect forward secrecy: None
Proposal name: tran1
Huawei AR1200 Series Enterprise Routers
Configuration Guide - VPN 5 IPSec Configuration
Issue 01 (2012-04-20) Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
322
To Next Page
Loading...
