No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


CLI-based Configuration Guide - VPN

AR100, AR120, AR150, AR160, AR200, AR1200, AR2200, AR3200, and AR3600 V200R010

This document describes VPN features on the device and provides configuration procedures and configuration examples.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Overview of A2A VPN

Overview of A2A VPN


Any to Any VPN (A2A VPN) is a VPN solution that uses the Group Domain of Interpretation (GDOI) protocol to manage keys and GDOI policies in a centralized manner. A2A VPN is mainly used to protect enterprises' internal service traffic that is transmitted over a wide area network (WAN).


As networks develop, enterprises have not only data services but also increasing intelligent services such as voice and video services. These new services impose demands for instant interconnection between enterprise branches. Generally, enterprises deploy dedicated lines such as MPLS VPN to implement interconnection between branches.

However, dedicated lines provide secure communication for enterprises to only a certain extent. Some government regulations, such as Health Insurance Portability and Accountability Act (HIPAA) and Payment Card Industry Data Security Standard (PCI DSS), require that data must be encrypted before it can be transmitted over dedicated lines.

Currently, IPSec is the commonly used encryption solution for dedicated lines. IPSec is a Layer 3 encryption protocol defined by the Internet Engineering Task Force (IETF) and is widely used for data encryption in WAN interconnections between branches. As a traditional Layer 3 VPN technology, IPSec sets up tunnels between specified communicating parties to protect data confidentiality, providing high-quality, interoperable, and cryptology-based security.

IPSec VPN is a point-to-point tunneling technology that focuses on data security and encryption. It has the following disadvantages:
  • Networks face the N2 problem (N branches require N (N-1)/2 tunnels). The configuration and management are complicated and network expansion is difficult.

  • IPSec VPN results in changes to the original route deployment and cannot provide better QoS processing.

  • IPSec VPN does not support multicast services and can hardly support intelligent services.

The A2A VPN solution is developed to overcome the preceding disadvantages. A2A VPN adds a new IP header, same as the raw IP header, to establish non-tunnel connections between branches. It manages keys and GDOI policies in a centralized manner, simplifying network deployment and facilitating network expansion. In addition, it supports multicast features and provides QoS guarantee for voice and video services.

Updated: 2019-08-07

Document ID: EDOC1100033725

Views: 150947

Downloads: 367

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Previous Next