EasyManua.ls Logo

Huawei AR1200 Series - Page 334

Huawei AR1200 Series
392 pages
Print Icon
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
IPsec SA local duration(time based): 3600 seconds
IPsec SA local duration(traffic based): 1843200 kilobytes
SA trigger mode: Automatic
Route inject: None
Step 7 Apply the IPSec policies to the interfaces of RouterA and RouterB.
# Apply the IPSec policy to the interface of RouterA.
[Huawei] interface ethernet 1/0/0
[Huawei-Ethernet1/0/0] ipsec policy map1
[Huawei-Ethernet1/0/0] quit
# Apply the IPSec policy to the interface of RouterB.
[Huawei] interface ethernet 1/0/0
[Huawei-Ethernet1/0/0] ipsec policy use1
[Huawei-Ethernet1/0/0] quit
Run the display ipsec sa command on RouterA and RouterB to view the configuration of the
IPSec SAs. Take the display on RouterA as an example.
[Huawei] display ipsec sa
===============================
Interface: Ethernet 1/0/0
path MTU: 1500
===============================
-----------------------------
IPsec policy name: "map1"
sequence number: 10
mode: isakmp
-----------------------------
Connection id: 3
encapsulation mode: tunnel
tunnel local : 202.138.163.1 tunnel remote: 202.138.162.1
[inbound ESP SAs]
spi: 1406123142 (0x53cfbc86)
proposal: ESP-ENCRYPT-DES ESP-AUTH-MD5
sa remaining key duration (bytes/sec): 1887436528/3575
max received sequence-number: 4
udp encapsulation used for nat traversal: N
[outbound ESP SAs]
spi: 3835455224 (0xe49c66f8)
proposal: ESP-ENCRYPT-DES ESP-AUTH-MD5
sa remaining key duration (bytes/sec): 1887436464/3575
max sent sequence-number: 5
udp encapsulation used for nat traversal: N
Step 8 Verify the configurations.
After the configurations are complete, PC A can ping PC B successfully. The data transmitted
between PC A and PC B is encrypted.
Run the display ike sa command on RouterA, and the following information is displayed:
[Huawei] display ike sa
Conn-ID Peer VPN Flag(s) Phase
---------------------------------------------------------
14 202.138.162.1 0 RD|ST 1
16 202.138.162.1 0 RD|ST 2
Flag Description:
RD--READY ST--STAYALIVE RL--REPLACED FD--FADING TO--TIMEOUT
HRT--HEARTBEAT LKG--LAST KNOWN GOOD SEQ NO. BCK--BACKED UP
----End
Huawei AR1200 Series Enterprise Routers
Configuration Guide - VPN 5 IPSec Configuration
Issue 01 (2012-04-20) Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
323

Table of Contents

Other manuals for Huawei AR1200 Series

Preview: User Configuration Guide
User Configuration Guide232 pages
Preview: Hardware Description
Hardware Description218 pages
Preview: Usage Guide
Usage Guide69 pages
Preview: Configuration Guide - Wlan
Configuration Guide - Wlan58 pages
Preview: Configuration Guide - Voice
Configuration Guide - Voice65 pages
Preview: Compliance And Safety Manual
Compliance And Safety Manual31 pages
Preview: Configuration Guide - Mpls
Configuration Guide - Mpls132 pages
Preview: Brochure
Brochure12 pages

Related product manuals