Huawei AR1200 Series

To Next Page

To Previous Page

[Huawei] ipsec efficient-vpn 2 mode client

4. Configure an address for the peer end in IKE negotiation.

[Huawei-ipsec-efficient-vpn-2] remote-address 60.1.2.1 v2

5. Configure a pre-shared key.

[Huawei-ipsec-efficient-vpn-2] pre-shared-key huawei

[Huawei-ipsec-efficient-vpn-2] quit

6. Apply the Efficient VPN policy to the interface.

[Huawei] interface ethernet1/0/0

[Huawei-Ethernet1/0/0] ipsec efficient-vpn 2

Step 2 Configure RouterB.

1. Assign an IP address to the interface on RouterB.

<Huawei> system-view

[Huawei] interface ethernet 1/0/0

[Huawei-Ethernet1/0/0] ip address 60.1.2.1 255.255.255.0

[Huawei-Ethernet1/0/0] quit

2. Configure a static route to the remote peer on RouterB. This example assumes that the next

hop address in the route to RouterA is 60.1.2.2.

[Huawei] ip route-static 10.1.1.0 255.255.255.0 60.1.2.2

3. Configure the resource attributes to be allocated: the IP address, DNS server address, and

WINS server address.

[Huawei] ip pool pooltest

[Huawei-ip-pool-pooltest] network 100.1.1.0 mask 255.255.255.128

[Huawei-ip-pool-pooltest] quit

[Huawei] aaa

[Huawei-aaa] service-scheme schemetest

[Huawei-aaa-service-schemetest] dns 2.2.2.2

[Huawei-aaa-service-schemetest] dns 2.2.2.3 secondary

[Huawei-aaa-service-schemetest] ip-pool pooltest

[Huawei-aaa-service-schemetest] wins 3.3.3.2

[Huawei-aaa-service-schemetest] wins 3.3.3.3 secondary

[Huawei-aaa-service-schemetest] quit

[Huawei-aaa] quit

4. Configure the IKE proposal and IKE peer.

[Huawei] ike proposal 5

[Huawei-ike-proposal-5] dh group2

[Huawei-ike-proposal-5] quit

[Huawei] ike peer rut3 v2

[Huawei-ike-peer-rut3] pre-shared-key huawei

[Huawei-ike-peer-rut3] ike-proposal 5

[Huawei-ike-peer-rut3] service-scheme schemetest

[Huawei-ike-peer-rut3] quit

5. Configure the IPSec proposal, template policy, and policy group.

[Huawei] ipsec proposal tran1

[Huawei-ipsec-proposal-tran1] quit

[Huawei] ipsec policy-template use1 10

[Huawei-ipsec-policy-templet-use1-10] ike-peer rut3

[Huawei-ipsec-policy-templet-use1-10] proposal tran1

[Huawei-ipsec-policy-templet-use1-10] sa duration time-based 600000

[Huawei-ipsec-policy-templet-use1-10] quit

[Huawei] ipsec policy policy1 10 isakmp template use1

6. Apply the policy group to the interface.

[Huawei] interface ethernet 1/0/0

[Huawei-Ethernet1/0/0] ipsec policy policy1

Step 3 Verify the configuration

1. After the preceding configuration, RouterA can still ping RouterB and the data transmitted

between them is encrypted.

Huawei AR1200 Series Enterprise Routers

Configuration Guide - VPN 5 IPSec Configuration

Issue 01 (2012-04-20) Huawei Proprietary and Confidential

337

Main Page

Huawei AR1200 Series - Page 348

Table of Contents

Other manuals for Huawei AR1200 Series

Related product manuals