No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

CLI-based Configuration Guide - VPN

AR100, AR120, AR150, AR160, AR200, AR1200, AR2200, AR3200, and AR3600 V200R010

This document describes VPN features on the device and provides configuration procedures and configuration examples.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
(Optional) Configuring Network Resource Delivery

(Optional) Configuring Network Resource Delivery

Context

Efficient VPN uses the client/server model. It concentrates IPSec and other configurations on the Efficient VPN server (headquarters gateway). When basic parameters for establishing an SA are configured on the remote devices (branch gateways), the remote devices initiate a negotiation and establish an IPSec tunnel with the server. After IPSec tunnels are established, the Efficient VPN server allocates other IPSec attributes and network resources to the remote devices. Efficient VPN simplifies configurations and maintenance of IPSec and network resources of branches.

  1. If an Efficient VPN policy in client or network-plus mode is used, the Efficient VPN server delivers an IP address to the remote device. The remote device then uses this IP address to establish an IPSec tunnel with the Efficient VPN server.
  2. The Efficient VPN server delivers network resources including the DNS domain name, DNS server IP address, and WINS server IP address so that the branch can access server resources on the headquarters network.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run ike peer peer-name

    An IKE peer is created and the IKE peer view is displayed.

  3. Run service-scheme service-scheme-name

    A service scheme is bound to the IKE peer.

    By default, no service scheme is bound to an IKE peer.

    service-scheme-name specifies a service scheme that has been created using the service-scheme (AAA view) command.

Follow-up Procedure

Configure an Efficient VPN policy and reference the IKE peer on the Efficient VPN server so that the IP address, DNS domain name, DNS server IP address, and WINS server IP address can be delivered to the branch gateway.

Translation
Download
Updated: 2019-08-07

Document ID: EDOC1100033725

Views: 151575

Downloads: 367

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next