No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Interoperation Configuration Guide

AR Router

This document provides cases for connecting AR enterprise routers to devices of other vendors.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring RouterA (AR Router)

Configuring RouterA (AR Router)

Configuration Roadmap

  1. Configure an IP address and a static route on each interface to implement communication between both ends.
  2. Configure an IPSec proposal to define the traffic protection method.
  3. Configure an IKE peer and define the attributes used for IKE negotiation.
  4. Configure an IPSec profile and bind the IPSec proposal and IKE peer to the IPSec profile to define the data flows to be protected and protection method.
  5. Apply the IPSec profile to the tunnel interface so that the tunnel interface can protect traffic.

Procedure

  1. Configure an IP address and a static route on each interface to implement communication between both ends over the Internet.

    <Huawei> system-view  
    [Huawei] sysname RouterA  
    [RouterA] interface gigabitethernet 1/0/0  
    [RouterA-GigabitEthernet1/0/0] ip address 1.1.2.10 255.255.255.0  
    [RouterA-GigabitEthernet1/0/0] quit  
    [RouterA] interface gigabitethernet 2/0/0  
    [RouterA-GigabitEthernet2/0/0] ip address 10.1.1.1 255.255.255.0  
    [RouterA-GigabitEthernet2/0/0] quit  
    [RouterA] ip route-static 0.0.0.0 0.0.0.0 1.1.2.1

  2. Configure a tunnel interface and set the tunnel type to IPSec.

    [RouterA] interface Tunnel0/0/0  
    [RouterA-Tunnel0/0/0] ip address 10.2.1.2 255.255.255.0  
    [RouterA-Tunnel0/0/0] tunnel-protocol ipsec  
    [RouterA-Tunnel0/0/0] source gigabitethernet 1/0/0  
    [RouterA-Tunnel0/0/0] destination 1.1.1.10  
    [RouterA-Tunnel0/0/0] quit

  3. Configure dynamic routes to the private network address of the peer.

    [RouterA] ospf 2  
    [RouterA-ospf-2] area 0.0.0.0 
    [RouterA-ospf-2-area-0.0.0.0] network 10.1.1.0 0.0.0.255 
    [RouterA-ospf-2-area-0.0.0.0] network 10.2.1.0 0.0.0.255

  4. Configure an IKE proposal, an IKE peer, and an IPSec proposal, and set IPSec negotiation parameters.

    # Configure an IKE proposal.

    [RouterA] ike proposal 5  
    [RouterA-ike-proposal-5] encryption-algorithm aes-cbc-128 
    [RouterA-ike-proposal-5] authentication-algorithm sha1 
    [RouterA-ike-proposal-5] dh group5  
    [RouterA-ike-proposal-5] authentication-method pre-share  
    [RouterA-ike-proposal-5] quit

    # Configure an IKE peer.

    [RouterA] ike peer RouterA v1  
    [RouterA-ike-peer-RouterA] ike-proposal 5  
    [RouterA-ike-peer-RouterA] pre-shared-key cipher huawei@123 
    [RouterA-ike-peer-RouterA] dpd type periodic   
    [RouterA-ike-peer-RouterA] dpd msg seq-hash-notify 
    [RouterA-ike-peer-RouterA] quit

    # Configure an IPSec proposal.

    [RouterA] ipsec proposal RouterA  
    [RouterA-ipsec-proposal-RouterA] transform esp  
    [RouterA-ipsec-proposal-RouterA] encapsulation-mode tunnel 
    [RouterA-ipsec-proposal-RouterA] esp authentication-algorithm sha1
    [RouterA-ipsec-proposal-RouterA] esp encryption-algorithm aes-128

  5. Configure an IPSec profile and bind the IPSec proposal and IKE peer to the IPSec profile.

    [RouterA] ipsec profile profile1  
    [RouterA-ipsec-profile-profile1] ike-peer RouterA  
    [RouterA-ipsec-profile-profile1] proposal RouterA  
    [RouterA-ipsec-profile-profile1] quit

  6. Apply the IPSec profile to the tunnel interface so that the tunnel interface can protect traffic.

    [RouterA] interface tunnel 0/0/0  
    [RouterA-Tunnel0/0/0] ipsec profile profile1

Translation
Download
Updated: 2019-05-17

Document ID: EDOC1100034005

Views: 21040

Downloads: 440

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next