No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Interoperation Configuration Guide

AR Router

This document provides cases for connecting AR enterprise routers to devices of other vendors.

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring RouterB (Cisco Router)

Configuring RouterB (Cisco Router)

Configuration Roadmap

  1. Configure an IP address and a static route on each interface to implement communication between both ends.
  2. Configure an IPSec proposal to define the traffic protection method.
  3. Configure an IKE peer and define the attributes used for IKE negotiation.
  4. Configure an IPSec profile and bind the IPSec proposal and IKE peer to the IPSec profile to define the data flows to be protected and protection method.
  5. Apply the IPSec profile to the tunnel interface so that the tunnel interface can protect traffic.

Procedure

  1. Configure an IP address and a static route on each interface to implement communication between both ends over the Internet.

    RouterB#configure  
    RouterB(config)#interface gigabitethernet 0/1  
    RouterB(config-if)#ip address 1.1.1.10 255.255.255.0  
    RouterB(config-if)#exit  
    RouterB(config)#interface gigabitethernet 0/2  
    RouterB(config-if)#ip address 10.1.2.1 255.255.255.0  
    RouterB(config-if)#exit 
    RouterB(config)#ip route 0.0.0.0 0.0.0.0 1.1.1.1

  2. Configure a tunnel interface and set the tunnel type to IPSec.

    RouterB(config)#interface tunnel 0  
    RouterB(config-if)#ip address 10.2.1.1 255.255.255.0  
    RouterB(config-if)#tunnel mode ipsec ipv4 
    RouterB(config-if)#tunnel source gigabitethernet0/1  
    RouterB(config-if)#tunnel destination 1.1.2.10 
    RouterB(config-if)#exit

  3. Configure dynamic routes to the private network address of the peer.

    RouterB(config)#RouterB ospf 2 
    RouterB(config-RouterB)#network 10.2.1.0 0.0.0.255 area 0 
    RouterB(config-RouterB)#network 10.1.2.0 0.0.0.255 area 0 
    RouterB(config-RouterB)#exit

  4. Configure an IKE proposal, an IKE peer, and an IPSec proposal, and set IPSec negotiation parameters.

    # Configure an IKE proposal.

    RouterB(config)#crypto isakmp policy 10   
    RouterB(config-isakmp)#hash sha  
    RouterB(config-isakmp)#encryption aes 128  
    RouterB(config-isakmp)#group 5  
    RouterB(config-isakmp)#authentication pre-share  
    RouterB(config-isakmp)#exit

    # Set IPSec phase 1 negotiation parameters.

    RouterB(config)#crypto isakmp key huawei@123 address 0.0.0.0 no-xauth 
    RouterB(config)#crypto isakmp keepalive 10 periodic

    # Configure an IPSec proposal.

    RouterB(config)#crypto ipsec transform-set tran1 esp-sha-hmac esp-aes 128  
    RouterB(cfg-crypto-trans)#mode tunnel  
    RouterB(cfg-crypto-trans)#exit

  5. Configure an IPSec profile and bind the IPSec proposal to the IPSec profile.

    RouterB(config)#crypto ipsec profile profile1  
    RouterB(ipsec-profile)#set transform-set tran1  
    RouterB(ipsec-profile)#exit

  6. Apply the IPSec profile to the tunnel interface so that the tunnel interface can protect traffic.

    RouterB(config)#interface tunnel 0  
    RouterB(config-if)#tunnel protection ipsec profile profile1  
    RouterB(config-if)#exit

Translation
Download
Updated: 2019-05-17

Document ID: EDOC1100034005

Views: 27554

Downloads: 501

Average rating:
This Document Applies to these Products

Related Version

Related Documents

Share
Previous Next