ipsec policy use1
#
return
5.8.3 Example for Configuring IKE Negotiation
IKE automatically establishes an SA and performs key exchange to improve efficiency of SA
establishment and ensure network security.
Networking Requirements
As shown in Figure 5-5, an IPSec tunnel is established between RouterA and RouterB. This
IPSec tunnel protects data flows between the subnet of PC A (10.1.1.0/24) and subnet of PC B
(10.1.2.0/24). The IPSec tunnel uses the ESP protocol, DES encryption algorithm, and SHA-1
authentication algorithm.
Figure 5-5 Network diagram for configuring IKE negotiation
PC A PC B
RouterBRouterA
10.1.1.2/24
10.1.2.2/24
Eth 1/0/0
Eth 1/0/0
Internet
202.138.163.1/24 202.138.162.1/24
IPSec Tunnel
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure IP addresses for interfaces.
2. Configure an IKE proposal.
3. Specify the local host ID and IKE peer for IKE negotiation.
4. Configure Access Control Lists (ACLs) and define the data flows to be protected.
5. Configure static routes to peers.
6. Configure an IPSec proposal.
7. Configure IPSec policies and apply the ACLs and IPSec proposal to the IPSec policies.
8. Apply IPSec policies to interfaces.
Procedure
Step 1 Configure IP addresses for the interfaces on RouterA and RouterB.
Huawei AR1200 Series Enterprise Routers
Configuration Guide - VPN 5 IPSec Configuration
Issue 01 (2012-04-20) Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
325
To Next Page
Loading...
