No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

CLI-based Configuration Guide - VPN

AR650, AR1600, and AR6100 V300R003

This document describes VPN features on the device and provides configuration procedures and configuration examples.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Using an ACL to Establish an IPSec Tunnel

Using an ACL to Establish an IPSec Tunnel

Pre-configuration Tasks

On an IPSec tunnel established in manual or IKE negotiation mode, an ACL defines data flows to be protected. The packets that match the permit clauses in the ACL are protected, and the packets that match the deny clauses are not protected. The ACL can define packet attributes such as the IP address, port number, and protocol type, which help you flexibly define IPSec policies.

Before establishing an IPSec tunnel using an ACL, complete the following tasks:
  • Configure a reachable route between source and destination interfaces.
  • (Optional) If ACL-based GRE over IPSec needs to be configured, perform the following configurations:

    1. Create a tunnel interface and set the type of the interface to GRE.
    2. Configure source and destination IP addresses, and interface IP addresses. The source IP address is the IP address of the outbound interface on the gateway, and the destination IP address is the IP address of the outbound interface on the remote gateway.
    3. Add tunnel interfaces to a zone.

Configuration Process

Figure 4-24 shows the configuration process (IKEv1 is used).

Figure 4-24  Using an ACL to establish an IPSec tunnel
Download
Updated: 2019-04-12

Document ID: EDOC1100041799

Views: 34481

Downloads: 45

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next