No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

CLI-based Configuration Guide - VPN

AR650, AR1600, and AR6100 V300R003

This document describes VPN features on the device and provides configuration procedures and configuration examples.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
(Optional) Configuring the Device to Keep IPSec Tunnel Indexes Unchanged Based on the Peer IP Address During IPSec Tunnel Re-establishment

(Optional) Configuring the Device to Keep IPSec Tunnel Indexes Unchanged Based on the Peer IP Address During IPSec Tunnel Re-establishment

Context

In an MIB table, an IPSec tunnel index is the unique identifier of an IPSec tunnel. During IPSec tunnel establishment, the device generates an IPSec tunnel index mapping table to record IPSec tunnel index to IPSec tunnel mapping. In this mapping table, the device searches for the corresponding IPSec tunnel based on an IPSec tunnel index. However, when an IPSec tunnel is re-established, its IPSec tunnel index changes by default. As a result, the IPSec tunnel cannot be found based on its previous IPSec tunnel index. In this case, configure the device to keep IPSec tunnel indexes unchanged based on the peer IP address during IPSec tunnel re-establishment. This configuration ensures that an IPSec tunnel can be found using its fixed IPSec tunnel index.

NOTE:
  • This function works only when devices on both ends use fixed IPv4 addresses and establish only one IPSec tunnel.

  • During IPSec tunnel re-establishment, this function allows the device to keep only the first 1024 IPSec tunnel indexes unchanged based on the sequence in which IPSec tunnels are re-established.
  • An IPSec tunnel index mapping table cannot be backed up, so this function does not work in an active/standby switchover scenario.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run ipsec tunnel-index based remote-ip

    The device is configured to keep IPSec tunnel indexes unchanged based on the peer IP address during IPSec tunnel re-establishment.

    By default, the device is not configured to keep IPSec tunnel indexes unchanged based on the peer IP address during IPSec tunnel re-establishment.

Download
Updated: 2019-04-12

Document ID: EDOC1100041799

Views: 31635

Downloads: 45

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next