ipsec profile profile1
ike-peer spub
proposal tran1
#
interface Tunnel0/0/0
ip address 192.168.1.1 255.255.255.0
tunnel-protocol gre
source 202.138.163.1
destination 202.138.163.2
ipsec profile profile1
#
interface Ethernet1/0/0
ip address 202.138.163.1 255.255.255.0
#
return
l Configuration file of RouterB
#
ipsec proposal tran1
transform ah-esp
ah authentication-algorithm sha1
esp authentication-algorithm sha1
esp encryption-algorithm 3des
#
ip route-static 10.1.1.0 255.255.255.0 202.138.162.2
#
ike proposal 1
dh group5
authentication-algorithm aes_xcbc_mac_96
prf aes_xcbc_128
#
ike peer spua v2
pre-shared-key huawei
ike-proposal 1
#
ipsec profile profile2
ike-peer spua
proposal tran1
#
interface Tunnel0/0/0
ip address 192.168.1.2 255.255.255.0
tunnel-protocol gre
source 202.138.162.1
destination 202.138.163.1
ipsec profile profile2
#
interface Ethernet1/0/0
ip address 202.138.162.1 255.255.255.0
#
return
5.8.5 Example for Establishing an SA Using Efficient VPN in Client
Mode
This topic describes an example for establishing an SA using Efficient VPN in client mode in
the actual networking.
Networking Requirements
As shown in Figure 5-7, an IPSec tunnel is established between RouterA and RouterB to protect
data flows between the subnet of PC A (10.1.1.0/24) and subnet of PC B (10.1.2.0/24). An SA
is established and the key is exchanged automatically between the Remote and Server,
simplifying the configuration and improving efficiency.
Huawei AR1200 Series Enterprise Routers
Configuration Guide - VPN 5 IPSec Configuration
Issue 01 (2012-04-20) Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
335