No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


S600-E V200R012C00 Configuration Guide - VPN

This document describes the configurations of VPN, including IPSec, MCE.
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring the Efficient VPN Server

Configuring the Efficient VPN Server


Parameters on the Efficient VPN server include network resource parameters and IPSec parameters:
  1. Network resource parameters include the IP address, domain name, DNS server address, and WINS server address. The Efficient VPN server can deliver network resource parameters to the remote device over the IPSec tunnel.

  2. An SA must be set up through an IPSec policy template. There are limitations on other IPSec parameters. Table 2-9 lists restrictions on some IPSec parameters supported on the switch.

    Table 2-9  IPSec parameters supported on the switch

    IPSec Parameter


    Identity authentication method

    Pre-shared key authentication

    Security protocol


    Encapsulation mode

    Tunnel mode

    Negotiation mode in IKEv1 phase 1

    Aggressive mode

    IKE authentication algorithm

    MD5, SHA1, SHA2-256, SHA2-384, and SHA2-512

    IKE encryption algorithm

    DES, 3DES, AES-128, AES-192, and AES-256

    IKEv2 integrity check algorithm

    AES-XCBC-96, HMAC-MD5-96, HMAC-SHA1-96, HMAC-SHA2-256, HMAC-SHA2-384, and HMAC-SHA2-512

    IKEv2 PRF algorithm

    AES-XCBC-128, HMAC-MD5, HMAC-SHA1, HMAC-SHA2-256, HMAC-SHA2-384, and HMAC-SHA2-512

    DH algorithm

    group14, group5, group2, and group1

    IPSec authentication algorithm

    MD5, SHA1, SHA2-256, SHA2-384, and SHA2-512

    IPSec encryption algorithm

    DES, 3DES, AES-128, AES-192, and AES-256
The switch cannot function as the Efficient VPN server. For detailed configurations of the Efficient VPN server, see the configuration guide from the corresponding vendor. The detailed configuration procedure is as follows:
  1. Configure network resource parameters to be pushed to the remote end.
  2. Define data flows to be encrypted for protection.
  3. Configure an IKE proposal to define the identity authentication method, authentication/encryption algorithm, and DH algorithm.
  4. Configure an IKE peer to reference the IKE proposal and configure parameters, such as the pre-shared key, IKE version, and remote address.
  5. Configure an IPSec proposal and define the security protocol, authentication/encryption algorithm, and encapsulation mode.
  6. Configure an IPSec policy and apply the ACLs and IPSec proposal to the IPSec policy.
  7. Apply the IPSec policy to an interface.
Updated: 2018-09-01

Document ID: EDOC1100037956

Views: 2762

Downloads: 7

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Previous Next