No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


CLI-based Configuration Guide - VPN

AR100, AR120, AR150, AR160, AR200, AR1200, AR2200, AR3200, and AR3600 V200R010

This document describes VPN features on the device and provides configuration procedures and configuration examples.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Overview of IPSec

Overview of IPSec


As the Internet has developed, more and more enterprises are connected directly through the Internet. However, the IP protocol common on the Internet provides no security mechanism and many unreliable users and network devices may be connected. These disadvantages expose end users' service data to forging, tampering, and theft when traversing the Internet, which is composed of many smaller unknown networks. Therefore, a common IP-compatible network security solution is urgently needed.

To solve the preceding problems, Internet Protocol Security (IPSec) was developed to address some of the security flaws of IP. It works at the IP layer and provides transparent security services for IP network communication.


IPSec is a suite of protocols defined by the Internet Engineering Task Force (IETF) for providing secure transmission of data over IP networks. These protocols include the Authentication Header (AH) and Encapsulation Security Payload (ESP). The IPSec framework also includes key exchange and algorithms used for authentication and encryption.

These protocols allow two devices to establish an IPSec tunnel between them, so that data is securely forwarded over the IPSec tunnel.


IPSec uses encryption and authentication to provide secure transmission of service data over the Internet. Key aspects of this are as follows:
  • Data origin authentication: The receiver checks validity of the sender.
  • Data encryption: The sender encrypts data packets and transmits them in ciphertext on the Internet. The receiver decrypts or directly forwards the received data packets.
  • Data integrity: The receiver authenticates the received data to ensure that it has not been tampered with during transmission.
  • Anti-replay: The receiver rejects old or duplicate packets to prevent attacks that malicious users initiate by resending obtained packets.
Updated: 2019-08-07

Document ID: EDOC1100033725

Views: 142565

Downloads: 359

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Previous Next