No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


CLI-based Configuration Guide - VPN

AR650, AR1600, and AR6100 V300R003

This document describes VPN features on the device and provides configuration procedures and configuration examples.
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
(Optional) Configuring an IPSec Profile

(Optional) Configuring an IPSec Profile


Data transmitted between the central office and a branch, and between branches can be encrypted to increase data security. Binding an IPSec profile to DSVPN can dynamically establish an mGRE over IPSec tunnel.

Before configuring an IPSec profile for DSVPN, you need to perform the following operations:

After completing the preceding configuration, perform the following operations on the Hub and Spokes.


  1. Run system-view

    The system view is displayed.

  2. Run ipsec profile profile-name

    An IPSec profile is created and the IPSec profile view is displayed.

  3. Run ike-peer peer-name

    An IKE peer is bound to the IPSec profile.

  4. Run proposal proposal-name

    An IPSec proposal is bound to the IPSec profile.

  5. (Optional) Run pfs { dh-group1 | dh-group2 | dh-group5 | dh-group14 | dh-group19 | dh-group20 | dh-group21 }

    The perfect forward secrecy (PFS) feature is used in IPSec negotiation.

    By default, PFS is not used in IPSec negotiation.

    If PFS is specified on the local end, you also need to specify PFS on the remote peer. The Diffie-Hellman groups specified on the two ends must be the same. Otherwise, the negotiation fails.

  6. Run quit

    Return to the system view.

  7. Run interface tunnel interface-number

    The tunnel interface view is displayed.

  8. Run tunnel-protocol gre p2mp

    The tunnel encapsulation mode is configured.

  9. Run ipsec profile profile-name

    The tunnel interface is bound to an IPSec profile.

Updated: 2019-04-12

Document ID: EDOC1100041799

Views: 31418

Downloads: 43

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Previous Next