No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Interoperation Configuration Guide

AR Router

This document provides cases for connecting AR enterprise routers to devices of other vendors.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring Spoke1 (AR Router)

Configuring Spoke1 (AR Router)

Configuration Roadmap

  1. Configure an IP address and a static route on each interface to implement communication between both ends.
  2. Configure an mGRE tunnel interface and NHRP information.
  3. Configure a static route to a private network address of the peer.
  4. Configure an IKE proposal, an IKE peer, and an IPSec proposal, and set IPSec negotiation parameters.
  5. Configure an IPSec profile and bind the IPSec proposal and IKE peer to the IPSec profile.
  6. Apply the IPSec profile to the mGRE tunnel interface so that the mGRE tunnel interface can protect traffic.

Procedure

  1. Configure an IP address and a static route on each interface to implement communication between both ends.

    <Huawei> system-view 
    [Huawei] sysname Spoke1 
    [Spoke1] interface gigabitethernet 1/0/0 
    [Spoke1-GigabitEthernet1/0/0] ip address 1.1.2.10 255.255.255.0 
    [Spoke1-GigabitEthernet1/0/0] quit 
    [Spoke1] ip route-static 0.0.0.0 0.0.0.0 1.1.2.1

  2. Configure an mGRE tunnel interface and NHRP information.

    [Spoke1] interface Tunnel0/0/0 
    [Spoke1-Tunnel0/0/0] ip address 10.2.1.2 255.255.255.0 
    [Spoke1-Tunnel0/0/0] tunnel-protocol gre p2mp 
    [Spoke1-Tunnel0/0/0] source gigabitethernet 1/0/0 
    [Spoke1-Tunnel0/0/0] nhrp entry 10.2.1.1 1.1.1.10 register 
    [Spoke1-Tunnel0/0/0] nhrp network-id 1000 
    [Spoke1-Tunnel0/0/0] nhrp authentication simple huawei12 
    [Spoke1-Tunnel0/0/0] nhrp registration interval 1800 
    [Spoke1-Tunnel0/0/0] quit

  3. Configure a static route to a private network address of the peer.

    [Spoke1] ip route-static 10.1.0.0 255.255.255.0 10.2.1.1 
    [Spoke1] ip route-static 10.1.2.0 255.255.255.0 10.2.1.3

  4. Configure an IKE proposal, an IKE peer, and an IPSec proposal, and set IPSec negotiation parameters.

    # Configure an IKE proposal.

    [Spoke1] ike proposal 5 
    [Spoke1-ike-proposal-5] encryption-algorithm aes-cbc-128  
    [Spoke1-ike-proposal-5] authentication-algorithm sha1  
    [Spoke1-ike-proposal-5] dh group5 
    [Spoke1-ike-proposal-5] sa duration 28800 
    [Spoke1-ike-proposal-5] authentication-method pre-share 
    [Spoke1-ike-proposal-5] quit

    # Configure an IKE peer.

    [Spoke1] ike peer spoke1 v1 
    [Spoke1-ike-peer-spoke1] ike-proposal 5 
    [Spoke1-ike-peer-spoke1] pre-shared-key cipher huawei@123 
    [Spoke1-ike-peer-spoke1] exchange-mode main 
    [Spoke1-ike-peer-spoke1] dpd type periodic  
    [Spoke1-ike-peer-spoke1] quit

    # Configure an IPSec proposal.

    [Spoke1] ipsec proposal spoke1 
    [Spoke1-ipsec-proposal-spoke1] transform esp 
    [Spoke1-ipsec-proposal-spoke1] esp authentication-algorithm sha1 
    [Spoke1-ipsec-proposal-spoke1] esp encryption-algorithm aes-128 
    [Spoke1-ipsec-proposal-spoke1] encapsulation-mode transport

  5. Configure an IPSec profile and bind the IPSec proposal and IKE peer to the IPSec profile.

    [Spoke1] ipsec profile profile1 
    [Spoke1-ipsec-profile-profile1] ike-peer spoke1 
    [Spoke1-ipsec-profile-profile1] proposal spoke1 
    [Spoke1-ipsec-profile-profile1] quit

  6. Apply the IPSec profile to the mGRE tunnel interface so that the mGRE tunnel interface can protect traffic.

    [Spoke1] interface tunnel 0/0/0 
    [Spoke1-Tunnel0/0/0] ipsec profile profile1

Translation
Download
Updated: 2019-05-17

Document ID: EDOC1100034005

Views: 20359

Downloads: 436

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next