No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

CLI-based Configuration Guide - VPN

AR100, AR120, AR150, AR160, AR200, AR1200, AR2200, AR3200, and AR3600 V200R010

This document describes VPN features on the device and provides configuration procedures and configuration examples.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring a Security Proposal

Configuring a Security Proposal

Context

Before using IPSec to authenticate and encrypt data, you must create a security proposal and define the security protocol type, data authentication and encryption algorithms, and data encapsulation mode in the security proposal.

The security protocols, data authentication and encryption algorithms, and data encapsulation modes must be the same on IPSec peers.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run ipsec proto-protect proposal proposal-name

    A security proposal is created and the security proposal view is displayed.

    By default, no security proposal is created.

  3. Run encapsulation-mode { transport | tunnel }

    The data encapsulation mode is configured.

    By default, the encapsulation mode is set to tunnel.

    NOTE:

    In transport mode, the two devices encrypting and decrypting packets must be the original packet sender and final receiver, respectively. Therefore, the transport mode is applicable to the scenario in which two hosts or a host and a security gateway communicate with each other.

  4. Run transform { ah | esp }

    A security protocol is configured.

    By default, the Encapsulating Security Payload (ESP) protocol is configured.

  5. An authentication algorithm and an encryption algorithm are configured based on the selected security protocol.

    • When Authentication Header (AH) is configured.

      Run ah authentication-algorithm { md5 | sha1 | sha2-256 }

      An AH-specific authentication algorithm is configured.

      By default, the authentication algorithm Secure Hash Algorithm 2-256 (SHA2-256) is used for AH.

      To ensure high security, you are advised to use SHA2-256 as the authentication algorithm of AH.

    • When ESP is configured.

      Run esp authentication-algorithm { md5 | sha1 | sha2-256 }

      An ESP-specific authentication algorithm is configured.

      By default, the authentication algorithm SHA2-256 is used for ESP.

      To ensure high security, you are advised to use SHA2-256 as the ESP authentication algorithm.

    • When ESP is configured.

      Run esp encryption-algorithm { des | 3des | aes [ 128 | 192 | 256 ] }

      An ESP-specific encryption algorithm is configured.

      By default, the encryption algorithm Advanced Encryption Standard 256 (AES-256) is used for ESP.

      To ensure high security, do not use the Data Encryption Standard (DES) algorithm as the ESP encryption algorithm.

Translation
Download
Updated: 2019-08-07

Document ID: EDOC1100033725

Views: 144239

Downloads: 361

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next