No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Web-based Typical Configuration Examples

AR100, AR120, AR150, AR160, AR200, AR1200, AR2200, AR3200, and AR3600

This document provides examples for configuring AR router features in typical usage scenarios.
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Configuring IPSec VPN

Example for Configuring IPSec VPN

Applicable Products

This example applies to routers of all versions and models.

Networking Requirements

As shown in Figure 4-1, Router_1 is the gateway of an enterprise branch, and Router_2 is the gateway of the headquarters. Router_1 and Router_2 communicate over the public network.

The enterprise wants to protect traffic transmitted over the public network between the enterprise branch and headquarters. An IPSec tunnel can be established between the branch gateway and headquarters gateway to protect data transmitted between them.

Figure 4-1  IPSec VPN networking

Procedure

  1. Configure IP addresses for interfaces of Router_1. The configuration of Router_2 is similar to that of Router_1, and is not mentioned here.

    1. Choose WAN Access > Ethernet Interface to access the Ethernet Interface page, as shown in Figure 4-2.

      Figure 4-2  Ethernet Interface page

    2. In Ethernet Interface List, click next to an Ethernet interface to be configured. On the pages shown in Figure 4-3, configure GE0/0/1 and GE0/0/2.

      Figure 4-3  Modify Ethernet Interface page



  2. Configure a static route for Router_1. The configuration of Router_2 is similar to that of Router_1, and is not mentioned here.

    1. Choose IP Service > Route > Static Route Configuration to access the Static Route Configuration page, as shown in Figure 4-4.

      Figure 4-4  Static Route Configuration page

    2. In IPv4 Static Route Configuration Table, click Create. On the pages shown in Figure 4-5, configure two static routes.

      Figure 4-5  Create IPv4 Static Route Service page

  3. Configure IPSec on Router_1. The configuration of Router_2 is similar to that of Router_1, and is not mentioned here.

    1. Choose Configuration Wizard > IPSec VPN Configuration Wizard, as shown in Figure 4-6.

      Select Site-to-Site and click Next.

      Figure 4-6  IPSec VPN Configuration Wizard page

    2. Configure the interface to which the IPSec policy is to be applied and the peer device address and click Next, as shown in Figure 4-7.

      Figure 4-7  Configure Network page

    3. Enter the source IP address, destination IP address, and wildcard of source and destination IP addresses based on protected data flows, and click Add. Then click Next, as shown in Figure 4-8.

      Figure 4-8  Define Protected Data Flow page

    4. Configure the pre-shared key, IKE parameters, and IPSec parameters. The configurations on both ends must be the same. Then click Next, as shown in Figure 4-9.

      Figure 4-9  Configure Encryption and Authentication page

    5. Check detailed information about the configured IPSec VPN. Click Finish. The IPSec VPN configuration is complete., as shown in Figure 4-10

      Figure 4-10  Confirm Settings page

  4. Verify the configuration.

    # PC_1 and PC_2 can ping each other successfully. If you run the display ipsec statistics esp command on the router, you can find that the count of encapsulated and decapsulated packets is not 0.

Configuration Notes

  • ACLs configured on devices in the headquarters and branch must mirror each other.
  • There must be reachable routes between the headquarters and branch.
Translation
Download
Updated: 2019-05-20

Document ID: EDOC1000079722

Views: 51181

Downloads: 7461

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next