No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

AR Router Troubleshooting Guide

This Product Documentation provides guidance for maintaining AR Enterprise Router, covering common information collection and fault diagnostic commands, typical fault troubleshooting guide, and troubleshooting.
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
How Do I Configure IPSec VPN If the Peer Device Does Not Have a Fixed IP Address or If There Are Multiple Peer Devices?

How Do I Configure IPSec VPN If the Peer Device Does Not Have a Fixed IP Address or If There Are Multiple Peer Devices?

Assume that the peer device does not have a fixed IP address (for example, the peer device uses DHCP to dynamically obtain an IP address) or there are multiple peer devices. You can configure an IPSec policy using the policy template on the device with a fixed IP address. The device can then respond to IPSec negotiation initiated by a device with a dynamic IP address or IPSec negotiation initiated by multiple devices. IPSec tunnels can then be set up. The configuration principle is as follows:
  • Configure an IPSec policy using the policy template on the device with a fixed IP address (as the responder), and configure an IPSec policy that establishes an SA through IKE negotiation (ISAKMP mode) on the peer device (as the initiator).
  • When the IPSec policy template is used, referencing an IPSec proposal and the IKE peer is mandatory and other settings are optional. The initiator determines the parameters that are not defined in the IPSec policy template, and the responder will accept the settings from the initiator.

For the method of configuring an IPSec VPN tunnel when the peer device does not have a fixed IP address, see Example for Establishing an IPSec Tunnel Through Negotiation Initiated by the Branch User That Dynamically Obtains an IP Address and Example for Configuring the Branch to Access the Internet Through the 3G Interface and Configuring the Headquarters to Establish an IPSec Tunnel with the Branch Using the IPSec Policy Template.

For the method of configuring an IPSec VPN tunnel when there are multiple peer devices, see Example for Establishing an IPSec Tunnel Between the Enterprise Headquarters and Branch Using an IPSec Policy Template and Example for Establishing Multiple IPSec Tunnels Between the Headquarters and Branches Using the IPSec Policy Template.

Translation
Download
Updated: 2019-05-10

Document ID: EDOC1000079719

Views: 445045

Downloads: 4299

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next