Huawei AR1200 Series Configuration Guide

Huawei AR1200 Series

392 pages

To Next Page

To Next Page

To Previous Page

To Previous Page

Page #338 background image

Loading...

Page #338 background image

Proposal : 1

Local ID type : Name

DPD : Disable

DPD mode : Periodic

DPD idle time : 30

DPD retransmit interval : 15

DPD retry limit : 3

Host name :

Peer Ip address : 202.138.162.1

VPN name :

Local IP address : 202.138.163.1

Remote name : huawei02

Nat-traversal : Disable

Configured IKE version : Version one

Auto-configure : Disable

PKI realm : NULL

Inband OCSP : Disable

----------------------------------------

Step 4 Configure ACLs on RouterA and RouterB to define the data flows to be protected.

# Configure an ACL on RouterA.

[Huawei] acl number 3101

[Huawei-acl-adv-3101] rule permit ip source 10.1.1.0 0.0.0.255 destination 10.1.2.0

0.0.0.255

[Huawei-acl-adv-3101] quit

# Configure an ACL on RouterB.

[Huawei] acl number 3101

[Huawei-acl-adv-3101] rule permit ip source 10.1.2.0 0.0.0.255 destination 10.1.1.0

0.0.0.255

[Huawei-acl-adv-3101] quit

Step 5 Configure static routes to the peers on RouterA and RouterB.

# Configure a static route to the peer on RouterA. In this example, the next hop to PCB is

202.138.163.2.

[Huawei] ip route-static 10.1.2.0 255.255.255.0 202.138.163.2

# Configure a static route to the peer on RouterB. In this example, the next hop to PCA is

202.138.162.2.

[Huawei] ip route-static 10.1.1.0 255.255.255.0 202.138.162.2

Step 6 Create an IPSec proposal on RouterA and RouterB.

# Create the IPSec proposal on RouterA.

[Huawei] ipsec proposal tran1

[Huawei-ipsec-proposal-tran1] encapsulation-mode tunnel

[Huawei-ipsec-proposal-tran1] transform esp

[Huawei-ipsec-proposal-tran1] esp encryption-algorithm des

[Huawei-ipsec-proposal-tran1] esp authentication-algorithm sha1

[Huawei-ipsec-proposal-tran1] quit

# Create the IPSec proposal on RouterB.

[Huawei] ipsec proposal tran1

[Huawei-ipsec-proposal-tran1] encapsulation-mode tunnel

[Huawei-ipsec-proposal-tran1] transform esp

[Huawei-ipsec-proposal-tran1] esp encryption-algorithm des

[Huawei-ipsec-proposal-tran1] esp authentication-algorithm sha1

[Huawei-ipsec-proposal-tran1] quit

Run the display ipsec proposal command on RouterA and RouterB to view the configuration

of the IPSec proposal. Take the display on RouterA as an example.

Huawei AR1200 Series Enterprise Routers

Configuration Guide - VPN 5 IPSec Configuration

Issue 01 (2012-04-20) Huawei Proprietary and Confidential

Copyright © Huawei Technologies Co., Ltd.

327

Table of Contents

Other manuals for Huawei AR1200 Series

User Configuration Guide232 pages

Configuration Guide - Wlan58 pages

Configuration Guide - Voice65 pages

Hardware Description218 pages

Usage Guide69 pages

Compliance And Safety Manual31 pages

Configuration Guide - Mpls132 pages

Brochure12 pages

Questions and Answers:

Need help?

Do you have a question about the Huawei AR1200 Series and is the answer not in the manual?

Huawei AR1200 Series Specifications

General

Brand	Huawei
Model	AR1200 Series
Category	Network Router
Language	English

Related product manuals

Preview: Huawei AR1200-S

Huawei AR1200-S

Preview: Huawei AR120

Huawei AR120 Series

Preview: Huawei Vodafone AR1220

Huawei Vodafone AR1220

Preview: Huawei AR150 series

Huawei AR150 series

Huawei AR100 Series

Huawei AR160 Series

Huawei AR651W-X4

Huawei AR502CG-L

Huawei AR650 Series

Preview: Huawei AR600 Series

Huawei AR600 Series