[Huawei-acl-adv-3000] quit
Step 4 Configure the Efficient VPN policies in network mode on RouterA and RouterB.
# Configure the Efficient VPN policy in network mode on RouterA.
[Huawei] ipsec efficient-vpn easyvpn_1 mode network
[Huawei-ipsec-efficient-vpn-easyvpn_1] remote-address 99.1.2.1 v1
[Huawei-ipsec-efficient-vpn-easyvpn_1] pre-shared-key htipl1.,;[-09876543211;'[]
[Huawei-ipsec-efficient-vpn-easyvpn_1] security acl 3000
[Huawei-ipsec-efficient-vpn-easyvpn_1] quit
# Configure the Efficient VPN policy in network mode on RouterB.
[Huawei] ipsec efficient-vpn easyvpn_1 mode network
[Huawei-ipsec-efficient-vpn-easyvpn_1] remote-address 99.1.1.1 v1
[Huawei-ipsec-efficient-vpn-easyvpn_1] pre-shared-key htipl1.,;[-09876543211;'[]
[Huawei-ipsec-efficient-vpn-easyvpn_1] security acl 3000
[Huawei-ipsec-efficient-vpn-easyvpn_1] quit
Step 5 Apply the Efficient VPN policies to the sub-interfaces of RouterA and RouterB.
# Apply the Efficient VPN policy to the sub-interface on RouterA.
[Huawei] interface ethernet 1/0/0.1
[Huawei-Ethernet1/0/0.1] ipsec efficient-vpn easyvpn_1
# Apply the Efficient VPN policy to the sub-interface on RouterB.
[Huawei] interface ethernet 1/0/0.1
[Huawei-Ethernet1/0/0.1] ipsec efficient-vpn easyvpn_1
Step 6 Verify the configuration
After the preceding configuration, RouterA can still ping RouterB and the data transmitted
between them is encrypted.
l Run the display ipsec sa command on RouterA and RouterB to view the IKE configuration.
The display on RouterA is used as an example.
[Huawei] display ike sa
Conn-ID Peer VPN Flag(s) Phase
---------------------------------------------------------
3 99.1.2.1 0 RD|ST 2
2 99.1.2.1 0 RD|ST 1
Flag
Description:
RD--READY ST--STAYALIVE RL--REPLACED FD--FADING TO--
TIMEOUT
HRT--HEARTBEAT LKG--LAST KNOWN GOOD SEQ NO. BCK--BACKED UP
l Run the display ipsec sa command on RouterA and RouterB to view the IPSec configuration.
The display on RouterA is used as an example.
[Huawei] display ipsec sa
===============================
Interface: Ethernet 1/0/0.1
Path MTU: 1500
===============================
-----------------------------
IPSec efficient-vpn name: "easyvpn_1"
mode: EFFICIENTVPN-NETWORK MODE
-----------------------------
Connection ID: 3
encapsulation mode: Tunnel
tunnel local : 99.1.1.1
tunnel remote : 99.1.2.1
Flow source : 100.1.1.1/0.0.0.0 0/0
Flow destination : 100.1.2.1/0.0.0.0 0/0
[Outbound ESP SAs]
SPI: 71167994 (0x43deffa)
proposal: ESP-ENCRYPT-AES-256 SHA2-512-256
SA remaining key duration (bytes/sec): 1887436800/1845
Huawei AR1200 Series Enterprise Routers
Configuration Guide - VPN 5 IPSec Configuration
Issue 01 (2012-04-20) Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
342
To Next Page
Loading...
