No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

AR Router Troubleshooting Guide

This Product Documentation provides guidance for maintaining AR Enterprise Router, covering common information collection and fault diagnostic commands, typical fault troubleshooting guide, and troubleshooting.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
How Do I Configure Site-to-Site IPSec VPN?

How Do I Configure Site-to-Site IPSec VPN?

Site-to-site IPSec technology sets up an IPSec tunnel between two sites (for example, gateways) to implement secure communication between LANs. Figure 29-36 shows the typical networking of site-to-site IPSec.
Figure 29-36 Typical networking of site-to-site IPSec
Huawei AR series routers support three types of site-to-site IPSec:
  • An IPSec tunnel that is set up using an IPSec policy applies to scenarios when both ends have fixed IP addresses.
    • If there are only small changes on a small-sized network, you can manually set up an IPSec tunnel using an IPSec policy. For the configuration procedure, see Example for Manually Establishing an IPSec Tunnel.
    • If there are many changes on a medium- or large-sized network, you can set up an IPSec tunnel using an IPSec policy in ISAKMP mode. For the configuration procedure, see Example for Establishing an IPSec Tunnel in IKE Negotiation Mode Using Default Settings.
  • An IPSec tunnel that is set up through PPPoE dialup applies to scenarios when one end or both ends use PPPoE dialup to obtain IP addresses.
    • If one end uses PPPoE dialup while the other end has a fixed IP address, see Example for Establishing an IPSec Tunnel Between the Enterprise Headquarters and Branch Through PPPoE for the configuration procedure.
    • If both ends use PPPoE dialup, see Example for Configuring an IPSec Tunnel for Remote Dial-Up Users to Connect to the Headquarters for the configuration procedure.
  • GRE over IPSec applies to scenarios when secure transmission of multicast services is required (for example, during video conferences between the headquarters and branches). See How Do I Configure GRE over IPSec/IPSec over GRE? for the configuration procedure.
Translation
Download
Updated: 2019-08-09

Document ID: EDOC1000079719

Views: 495722

Downloads: 4534

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next