No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Interoperation Configuration Guide

AR Router

This document provides cases for connecting AR enterprise routers to devices of other vendors.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring the Hub (Cisco Router)

Configuring the Hub (Cisco Router)

Configuration Roadmap

  1. Configure an IP address and a static route on each interface to implement communication between both ends.
  2. Configure an mGRE tunnel interface and NHRP information.
  3. Configure a static route to a private network address of the peer.
  4. Configure an IKE proposal, an IKE peer, and an IPSec proposal, and set IPSec negotiation parameters.
  5. Configure an IPSec profile and bind the IPSec proposal and IKE peer to the IPSec profile.
  6. Apply the IPSec profile to the mGRE tunnel interface so that the mGRE tunnel interface can protect traffic.

Procedure

  1. Configure an IP address and a static route on each interface to implement communication between both ends.

    Router#configure 
    Router(config)#interface gigabitethernet 0/1 
    Router(config-if)#ip address 1.1.1.10 255.255.255.0 
    Router(config-if)#exit 
    Router(config)#ip route 0.0.0.0 0.0.0.0 1.1.1.1

  2. Configure an mGRE tunnel interface and NHRP information.

    Router(config)#interface tunnel 0 
    Router(config-if)#ip address 10.2.1.1 255.255.255.0 
    Router(config-if)#tunnel mode  gre multipoint 
    Router(config-if)#tunnel source gigabitethernet0/1 
    Router(config-if)#ip nhrp holdtime 3600 
    Router(config-if)#ip nhrp network-id 1000 
    Router(config-if)#ip nhrp authentication huawei12 
    Router(config-if)#ip nhrp map multicast dynamic 
    Router(config-if)#exit

  3. Configure a static route to a private network address of the peer.

    Router(config)#ip route 10.1.2.0 255.255.255.0 10.2.1.3 
    Router(config)#ip route 10.1.1.0 255.255.255.0 10.2.1.2

  4. Configure an IKE proposal, an IKE peer, and an IPSec proposal, and set IPSec negotiation parameters.

    # Configure an IKE proposal.

    Router(config)#crypto isakmp policy 10                             
    Router(config-isakmp)#hash sha 
    Router(config-isakmp)#encryption aes 128 
    Router(config-isakmp)#group 5 
    Router(config-isakmp)#authentication pre-share 
    Router(config-isakmp)#lifetime 28800 
    Router(config-isakmp)#exit

    # Set IPSec phase 1 negotiation parameters.

    Router(config)#crypto isakmp key huawei@123 address 0.0.0.0 no-xauth

    # Configure an IPSec proposal.

    Router(config)#crypto ipsec transform-set tran1 esp-sha-hmac esp-aes 128 
    Router(cfg-crypto-trans)#mode transport require 
    Router(cfg-crypto-trans)#exit

  5. Configure an IPSec profile and bind the IPSec proposal to the IPSec profile.

    Router(config)#crypto ipsec profile profile1 
    Router(ipsec-profile)#set transform-set tran1 
    Router(ipsec-profile)#exit

  6. Apply the IPSec profile to the mGRE tunnel interface so that the mGRE tunnel interface can protect traffic.

    Router(config)#interface tunnel 0 
    Router(config-if)#tunnel protection ipsec profile profile1 
    Router(config-if)#exit

Translation
Download
Updated: 2019-05-17

Document ID: EDOC1100034005

Views: 22725

Downloads: 450

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next