No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Interoperation Configuration Guide

AR Router

This document provides cases for connecting AR enterprise routers to devices of other vendors.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Precautions

Precautions

  • Devices from different vendors may have different default values for IPSec parameters. Adjust IPSec parameter values based on actual needs to ensure that they are the same on two the devices at both ends of an IPSec tunnel.
  • The dead peer detection (DPD) packet format supported by Cisco differs from the default DPD packet format on the AR. If DPD is enabled, you need to set the DPD packet format on the AR to seq-hash-notify.
  • When the IPSec protocol on both the AR and its connected vendor device uses the SHA-2 algorithm, an IPSec tunnel can be established but traffic cannot be transmitted if the SHA-2 encryption and decryption modes on the two devices are different. If so, you are advised to run the ipsec authentication sha2 compatible enable command on the AR to set the SHA-2 encryption and decryption modes to be the same as those on the vendor device.
  • If the source address of a tunnel interface is a dynamic IP address, you are advised to configure source as the source interface to prevent impact on the IPSec configuration due to the address change.
  • The commands used to configure IKE peers and the IKE protocol differ depending on the software version.
    • In earlier versions of V200R008:

      ike peer peer-name [ v1 | v2 ]

    • In V200R008 and later versions:

      • To configure IKE peers: ike peer peer-name

      • To configure the IKE protocol: version { 1 | 2 }

        By default, IKEv1 and IKEv2 are enabled simultaneously. An initiator uses IKEv2 to initiate a negotiation request, while a responder uses IKEv1 or IKEv2 to respond. To initiate a negotiation request using IKEv1, run the undo version 2 command.

  • In V200R008 and later versions, the device does not support the remote-name command. This command provides teh same function as the remote-id command.
  • In V200R008 and later versions, the device does not support the local-id-type name command. This command provides teh same function as the local-id-type fqdn command.
  • Configure pre-shared key:

    • In V200R003C00 and later versions: The command format is pre-shared-key { simple | cipher } key.
    • In V200R003C00 and earlier versions: The command format is pre-shared-key key.
Translation
Download
Updated: 2019-05-17

Document ID: EDOC1100034005

Views: 20127

Downloads: 432

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next