No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

HUAWEI Firewall Comprehensive Configuration Examples

This document describes the application scenarios and configuration methods in typical projects of the firewall.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Verification

Verification

  1. After the configuration is complete, the IPSec tunnel between the eNodeB and FW_A is working normally, and the MME and S-GW can be accessed.

  2. Check the setup of the IKE SA on FW_A.

    <FW_A> display ike sa      
    Spu board slot 1, cpu 0 ike sa information :                                    
        Conn-ID      Peer           VPN   Flag(s)                Phase                 
      ---------------------------------------------------------------               
        16792025    6.1.1.1               RD|ST|M                v2:2                  
        16792024    6.1.1.1               RD|ST|M                v2:1                  
        83887864    7.1.1.1               RD|ST|M                v2:2                  
        83887652    7.1.1.1               RD|ST|M                v2:1                  
                                                                                    
      Number of SA entries  : 4                                                     
                                                                                    
      Number of SA entries of all cpu : 4
  3. Check the setup of the IPSec SA on FW_A.
    <FW_A> display ipsec sa brief
    Current ipsec sa num:4
    
     Spu board slot 1, cpu 1 ipsec sa information:                                   
    Number of SAs:2                                                              
        Src address   Dst address     SPI      VPN  Protocol     Algorithm       
    ------------------------------------------------------------------------------- 
         3.1.1.1        6.1.1.1    3923280450        ESP       E:AES-256 A:SHA2-256-128
         6.1.1.1        3.1.1.1    787858613         ESP       E:AES-256 A:SHA2-256-128
         3.1.1.1        7.1.1.1    3923280452        ESP       E:AES-256 A:SHA2-256-128
         7.1.1.1        3.1.1.1    787858611         ESP       E:AES-256 A:SHA2-256-128
  4. Run the display hrp state command on FW_A to check the current HRP state.

    HRP_M[FW_A] display hrp state
     Role: active, peer: active                                                    
     Running priority: 49012, peer: 49012                                           
     Backup channel usage: 3%                                                       
     Stable time: 0 days, 5 hours, 1 minutes 
Translation
Download
Updated: 2019-01-26

Document ID: EDOC1100062972

Views: 16592

Downloads: 713

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next