Huawei AR1200 Series

To Next Page

To Previous Page

Procedure

Step 1 Configure IP addresses for the interfaces on RouterA and RouterB.

# Assign an IP address to the interface of RouterA.

<Huawei> system-view

[Huawei] interface ethernet 1/0/0

[Huawei-Ethernet1/0/0] ip address 202.138.163.1 255.255.255.0

[Huawei-Ethernet1/0/0] quit

# Assign an IP address to the interface of RouterB.

<Huawei> system-view

[Huawei] interface ethernet 1/0/0

[Huawei-Ethernet1/0/0] ip address 202.138.162.1 255.255.255.0

[Huawei-Ethernet1/0/0] quit

Step 2 Configure static routes to the peers on RouterA and RouterB.

# Configure a static route to the remote peer on RouterA. This example assumes that the next

hop address in the route to RouterB is 202.138.163.2.

[Huawei] ip route-static 10.1.2.0 255.255.255.0 202.138.163.2

# Configure a static route to the remote peer on RouterB. This example assumes that the next

hop address in the route to RouterB is 202.138.162.2.

[Huawei] ip route-static 10.1.1.0 255.255.255.0 202.138.162.2

Step 3 Create IKE proposals on RouterA and RouterB.

# Create an IKE proposal on RouterA.

[Huawei] ike proposal 1

[Huawei-ike-proposal-1] dh group5

[Huawei-ike-proposal-1] authentication-algorithm aes_xcbc_mac_96

[Huawei-ike-proposal-1] prf aes_xcbc_128

[Huawei-ike-proposal-1] quit

# Create an IKE proposal on RouterB.

[Huawei] ike proposal 1

[Huawei-ike-proposal-1] dh group5

[Huawei-ike-proposal-1] authentication-algorithm aes_xcbc_mac_96

[Huawei-ike-proposal-1] prf aes_xcbc_128

[Huawei-ike-proposal-1] quit

Step 4 Configure local IDs and IKE peers on RouterA and RouterB.

# Configure the local ID and IKE peer on RouterA.

[Huawei] ike peer spub v2

[Huawei-ike-peer-spub] ike-proposal 1

[Huawei-ike-peer-spub] pre-shared-key huawei

[Huawei-ike-peer-spub] quit

# Configure the local ID and IKE peer on RouterB.

[Huawei] ike peer spua v2

[Huawei-ike-peer-spua] ike-proposal 1

[Huawei-ike-peer-spua] pre-shared-key huawei

[Huawei-ike-peer-spua] quit

Run the display ike peer command on RouterA and RouterB to view the configuration of the

IKE peer. Take the display on RouterA as an example.

[Huawei] display ike peer name spub verbose

----------------------------------------

Huawei AR1200 Series Enterprise Routers

Configuration Guide - VPN 5 IPSec Configuration

Issue 01 (2012-04-20) Huawei Proprietary and Confidential

332

Huawei AR1200 Series - Page 343

Table of Contents

Other manuals for Huawei AR1200 Series

Related product manuals