No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

NE20E-S2 V800R010C10SPC500 Configuration Guide - Security 01

This is NE20E-S2 V800R010C10SPC500 Configuration Guide - Security
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Licensing Requirements and Limitations for IPSec--S2E

Licensing Requirements and Limitations for IPSec--S2E

Licensing Requirements

This feature is a basic feature and is not under license control.

Restrictions and Guidelines

Restrictions

Guidelines

Impact

The port number in an ACL referenced by IPsec must be configured as eq.

Configure ACL rule referenced by IPSec properly.

Negotiation fails.

IKE IPsec supports only the tunnel mode, and manual IPsec supports only the transfer mode.

Select the correct tunnel mode.

Traffic is interrupted.

Only IKEv1 supports the algorithms approved by the State Password Administration Committee Office(SM2, SM3, and SM4).

Set parameters correctly.

IKE negotiation fails.

IKEv1 main mode does not support NAT traversal.

Avoid NAT traversal in IKEv1 main mode.

IKE negotiation fails.

The ACL and IKE peer are required in an IPsec policy. The VPN configured in an ACL rule must be the same as the VPN that is bound to the IKE peer.

Ensure that the VPN that is bound to the IKE peer is the same as the VPN configured in the ACL rule.

IPsec traffic forwarding fails when the configurations are not the same.

In mGRE over IPSec scenarios, IPsec traffic filtering and traffic mirroring are implemented based on non-original GRE packets.

None

In mGRE over IPSec scenarios, IPsec traffic filtering and traffic mirroring are implemented based on non-original GRE packets.

Translation
Download
Updated: 2019-01-02

Document ID: EDOC1100055397

Views: 20517

Downloads: 39

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next