CLI-based Configuration Guide - VPN

AR650, AR1600, and AR6100 V300R003

This document describes VPN features on the device and provides configuration procedures and configuration examples.
Summary of IPSec Configuration Tasks

Two IPSec peers establish inbound and outbound security associations (SAs) to form a secure IPSec tunnel through which data packets can be transmitted securely on the Internet.

Table 4-5 lists IPSec configuration tasks.

Table 4-5  IPSec configuration tasks

Scenario: Using an ACL to establish an IPSec tunnel

Description: An ACL defines data flows to be protected. You need to configure an IPSec policy and apply the IPSec policy to an interface to protect IPSec packets. You can use an ACL to establish an IPSec tunnel in manual mode or IKE negotiation mode.

SAs can be established in either of the following modes:
  • Manual mode: All information required by SAs must be manually configured.
  • IKE negotiation mode: IPSec peers use IKE to negotiate keys and dynamically create and maintain SAs.
The manual mode applies to small-sized networks or scenarios where a few IPSec peers exist. The IKE negotiation mode applies to medium- and large-sized networks.

Task: Using an ACL to Establish an IPSec Tunnel

Scenario: Using a tunnel interface to establish an IPSec tunnel

Description: An IPSec tunnel is established using a tunnel interface based on routes. In this mode, routes determine the data flows to be protected.

You need to configure an IPSec profile and apply the IPSec profile to the IPSec tunnel interface to protect IPSec packets. All the packets routed to the IPSec tunnel interface are protected by IPSec.

Task: Using a Virtual Tunnel Interface to Establish an IPSec Tunnel

In manual mode, an ACL is used to establish an IPSec tunnel. In other modes, SAs are generated through IKE negotiation to establish an IPSec tunnel and an IKE peer needs to be configured and referenced.

Updated: 2019-04-12

Document ID: EDOC1100041799
