No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Interoperation Configuration Guide

AR Router

This document provides cases for connecting AR enterprise routers to devices of other vendors.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Precautions

Precautions

  • Default IPSec parameter settings on different vendors' devices may be different, and need to be adjusted as needed. Ensure that the configurations of devices at both ends of an IPSec tunnel are consistent.
  • The DPD packet formats supported by a Fortinet firewall and an AR are different. If DPD detection is enabled, the DPD packet format of the AR router must be set to seq-hash-notify.
  • When an AR connects to a non-Huawei device and IPSec protocols of both devices define SHA-2, an IPSec tunnel can be established but traffic forwarding fails. The possible cause is that both devices use different encryption/decryption modes of SHA-2. In this case, run the ipsec authentication sha2 compatible enable command on the AR router so that both devices use the same encryption/decryption modes of SHA-2.
  • The commands used to configure IKE peers and the IKE protocol differ depending on the software version.
    • In earlier versions of V200R008:

      ike peer peer-name [ v1 | v2 ]

    • In V200R008 and later versions:

      • To configure IKE peers: ike peer peer-name

      • To configure the IKE protocol: version { 1 | 2 }

        By default, IKEv1 and IKEv2 are enabled simultaneously. An initiator uses IKEv2 to initiate a negotiation request, while a responder uses IKEv1 or IKEv2 to respond. To initiate a negotiation request using IKEv1, run the undo version 2 command.

  • In V200R008 and later versions, the device does not support the remote-name command. This command provides teh same function as the remote-id command.
  • In V200R008 and later versions, the device does not support the local-id-type name command. This command provides teh same function as the local-id-type fqdn command.
  • Configure pre-shared key:

    • In V200R003C00 and later versions: The command format is pre-shared-key { simple | cipher } key.
    • In V200R003C00 and earlier versions: The command format is pre-shared-key key.
Translation
Download
Updated: 2019-05-17

Document ID: EDOC1100034005

Views: 22835

Downloads: 451

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next