Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
ipsec profile profile-name
An IPSec profile is created and the IPSec profile view is displayed.
Step 3 Run:
ike peer peer-name
An IKE peer is bound to the IPSec profile.
By default, no IKE peer is bound to any IPSec profile.
NOTE
For the detailed configuration of an IKE peer, see 5.4.4 Configuring an IKE Peer.
Step 4 Run:
proposal proposal-name
An IKE proposal is bound to the IPSec profile.
By default, no IKE proposal is bound to any IPSec profile.
NOTE
For the detailed configuration of an IKE proposal, see 5.4.5 Configuring an IPSec Proposal.
Step 5 Run:
pfs { dh-group1 | dh-group2 | dh-group5 | dh-group14 }
The router is configured to use Perfect Forward Secrecy (PFS) in IPSec negotiation.
By default, PFS is not used in IPSec negotiation.
Step 6 Run:
quit
Return to the system view.
Step 7 Run:
interface tunnel interface-number
The tunnel interface view is displayed.
Step 8 Run:
tunnel-protocol { gre [ p2mp ] | ipsec | ipv4-ipv6 | none }
The tunnel encapsulation mode is configured.
A tunnel interface can be bound to an IPSec profile only when the encapsulation mode of the
tunnel interface is set to IPSec, GRE, or Multipoint GRE (MGRE).
Step 9 Run:
ipsec profile profile-name
Huawei AR1200 Series Enterprise Routers
Configuration Guide - VPN 6 DSVPN Configuration
Issue 01 (2012-04-20) Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
351
To Next Page
Loading...
