No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


CLI-based Configuration Guide - Security

AR500, AR510, and AR530 V200R007

This document describes the configurations of Security, including AAA, DAA,NAC, BRAS Access, ACL, Firewall, Deep Security Defense, Local Attack Defense;Attack Defense, Traffic Suppression, ARP Security, Port Security, DHCP Snooping, IPSG, URPF, PKI, SSL, HTTPS, Keychain, separating the management plane from the service plane, security risks.
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
PKI in IPSec VPN Networking

PKI in IPSec VPN Networking

Figure 15-2 shows an example of the IPSec VPN networking.

Figure 15-2  Networking of an IPSec VPN application

Subnet A and Subnet B communicate through the Internet. The devices function as the egress gateways for the subnets. To transmit data securely on the insecure Internet, the devices establish an IPSec tunnel with each other.

To establish an IPSec tunnel, the devices use a security association (SA) that is established manually or negotiated using the Internet Key Exchange (IKE) protocol. The IKE protocol provides key negotiation, SA establishment, and SA maintenance to simplify IPSec use and management.

The devices use IKE to authenticate each other. They exchange certificates and authenticate each other's certificate. After completing certificate authentication, the devices (RouterA and RouterB) establish an IPSec SA. In this way, private keys can be transmitted securely on a network without robust security.

In IPSec VPN applications, PKI implements certificate application, certificate renewal, and certificate authentication. IKE peers authenticate each other's certificate during IKE negotiation.

Updated: 2019-05-25

Document ID: EDOC1000097287

Views: 13487

Downloads: 40

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Previous Next