No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - VPN

S1720, S2700, S5700, and S6720 V200R010C00

This document describes the VPN configuration procedures and provides configuration examples.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Connecting a VPN to the Internet

Connecting a VPN to the Internet

Pre-configuration Tasks

Configuration Process

Step 1, step 2, and step 3 can be performed at any sequence.

Procedure

  1. Configure a static route on the CE device.
    1. Run:

      system-view

      The system view is displayed.

    2. Run:

      ip route-static ip-address { mask | mask-length } { interface-type interface-number [ nexthop-address ] | nexthop-address } [ preference preference | tag tag ] * [ description text ]

      The static route to a public network destination address is configured.

      ip-address can be a public network address or 0.0.0.0. If the dest-ip-address is 0.0.0.0, the static route is also called the default route. The mask of a default route must be 0.0.0.0 or the mask-length of the default route must be 0. The out-interface must be the interface connected directly with the PE device, and the next-hop is the IP address of the peer PE interface connected directly with the CE device.

      NOTE:

      If the CE and PE devices are connected through an Ethernet network, the next-hop must be specified.

  2. Configure a static VPN route to the Internet on the PE device.
    1. Run:

      system-view

      The system view is displayed.

    2. Run:

      ip route-static vpn-instance vpn-source-name destination-address { mask | mask-length } nexthop-address public [ preference preference | tag tag ] * [ description text ]

      A static route from the VPN to the Internet is configured and the next-hop address is a public network address.

  3. Configure a static route to the VPN on the PE device.
    1. Run:

      system-view

      The system view is displayed.

    2. Run:

      ip route-static ip-address { mask | mask-length } { interface-type interface-number [ nexthop-address ] | vpn-instance vpn-instance-name nexthop-address | nexthop-address } [ preference preference | tag tag ] * [ description text ]

      The static route from the public network to the VPN is configured and the next-hop address is a private network address.

      NOTE:

      If the CE and PE devices are connected through an Ethernet network, the next-hop must be specified.

    3. Advertise the static route to the Internet.

      For detailed configuration, see the S1720, S2700, S5700, and S6720 V200R010C00 Configuration Guide - IP Unicast Routing Configuration Guide. For example, if OSPF is running between the PE device and the Internet, perform the following steps:

      1. Run:
        system-view

        The system view is displayed.

      2. Run:
        ospf [ process-id ]

        The OSPF view is displayed.

      3. Run:
        import-route static

        Static routes are imported into OSPF.

Checking the Configuration

  • Run the display ip routing-table vpn-instance vpn-instance-name command to check the VPN routing table on the PE device. The command output shows that the route to the CE and the route to the destination device in the public network exist in the VPN routing table.
  • Run the display ip routing-table command to check the routing table on the CE and the destination device in the public network. The command output shows that the CE has the route to the destination device in the public network and the destination device in the public network has the route to the CE.
  • Run the ping command to check the connectivity between the CE and the destination device on the public network. The CE device and the destination device on the public network can ping each other.
Translation
Download
Updated: 2019-08-21

Document ID: EDOC1000141944

Views: 102253

Downloads: 572

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next