
Interoperation Configuration Guide

AR Router

This document provides cases for connecting AR enterprise routers to devices of other vendors.


Generally, service data is transparently transmitted on the Internet. This makes the service data prone to attacks, for example, password or bank account information theft or tampering, forced user access, or malicious network attacks. Internet Protocol Security (IPSec) can protect transmitted service data to reduce the risk of information leakage.

IPSec is a set of open network security protocols defined by the Internet Engineering Task Force (IETF). Two communicating parties can encrypt data and authenticate the data origin at the IP layer to ensure data confidentiality and integrity and protect against replay attacks on the Internet.

  • Data origin authentication: The receiver checks the validity of the sender.
  • Data encryption: The sender encrypts data packets and transmits the encrypted packets on the Internet. The receiver decrypts and processes received packets or forwards them directly.
  • Data integrity: The receiver authenticates received data to check whether the data has been modified by unauthorized users.
  • Anti-replay: The receiver rejects outdated or repeated data packets to prevent attacks from malicious users.
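
The anti-replay check above is commonly built as a sliding window over packet sequence numbers. The following is an added example, not code from this guide or from any vendor implementation; the class name, the 64-packet window size and the sample traffic are assumptions made for illustration.

```python
class AntiReplayWindow:
    """Receiver-side sliding window over IPSec sequence numbers (hypothetical helper)."""

    def __init__(self, size=64):
        self.size = size      # window width in packets (assumed value)
        self.highest = 0      # highest sequence number accepted so far
        self.bitmap = 0       # bit i set => (highest - i) already received

    def check_and_update(self, seq, authentic=True):
        """Return 'accept', 'replay', 'too_old' or 'bad_icv' for one packet."""
        if seq <= 0:
            return "too_old"  # sequence numbers start at 1
        if seq > self.highest:
            verdict, offset = "accept", None
        else:
            offset = self.highest - seq
            if offset >= self.size:
                return "too_old"          # fell off the left edge of the window
            if self.bitmap & (1 << offset):
                return "replay"           # this sequence number was already seen
            verdict = "accept"
        # The window must only move for packets that pass the integrity check,
        # otherwise a forged high sequence number would shut out real traffic.
        if not authentic:
            return "bad_icv"
        if offset is None:
            shift = seq - self.highest
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.highest = seq
        else:
            self.bitmap |= 1 << offset
        return verdict


def classify(seqs, size=64):
    """Run constructed (seq, authentic) pairs through a fresh window."""
    win = AntiReplayWindow(size)
    return [win.check_and_update(s, a) for s, a in seqs]


# Constructed sample traffic: (sequence number, passes integrity check)
SAMPLE = [(1, True), (2, True), (2, True), (5, True), (3, True),
          (500, False), (70, True), (4, True), (6, True), (70, True)]

if __name__ == "__main__":
    for (seq, ok), verdict in zip(SAMPLE, classify(SAMPLE)):
        print(f"seq={seq:<4} authentic={ok!s:<5} -> {verdict}")
```

The forged packet with sequence number 500 fails the integrity check and leaves the window untouched, so the legitimate packet 70 that follows is still accepted.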

As shown in Figure 18-1, IPSec connects VPNs over the Internet so that users can connect to VPNs through the Internet regardless of whether they are in a remote city or in a country outside China. IPSec VPN provides the access service for mobile office users and partners, and also enables communication between enterprise branches.

Figure 18-1  Basic IPSec VPN networking

Generally, the headquarters and branches establish IPSec tunnels using ACLs. If a large number of data flows need to be protected by IPSec, it is recommended that IPSec tunnels be established using virtual tunnel (VT) interfaces. With VT interfaces, there is no need to create ACL rules to define the traffic characteristics to be protected.

Updated: 2019-05-17

Document ID: EDOC1100034005
