Configuration Guide - VPN

CloudEngine 12800 and 12800E V200R005C10

This document describes the configurations of VPN, including GRE, BGP/MPLS IP VPN, BGP/MPLS IPv6 VPN, VLL, PWE3, and VPLS.
Connecting a VPN to the Internet

Generally, VPN users cannot access the Internet and therefore cannot communicate with Internet users. If each VPN site needs to access the Internet, configure the interconnection between the VPN and the Internet.

Pre-configuration Tasks

Before connecting a VPN to the Internet, complete the following task:

Configuration Procedure

Step 1, step 2, and step 3 can be performed in any sequence.

Procedure

  1. Configure a static route on the CE device.
    1. Run system-view

      The system view is displayed.

    2. Run ip route-static ip-address { mask | mask-length } { interface-type interface-number [ nexthop-address ] | nexthop-address } [ preference preference | tag tag ] * [ description text ]

      The static route to a public network destination address is configured.

      ip-address can be a public network address or 0.0.0.0. If ip-address is 0.0.0.0, the static route is also called the default route. The mask of a default route must be 0.0.0.0, or its mask-length must be 0. The outbound interface must be the interface directly connected to the PE device. The next hop is the IP address of the peer PE interface directly connected to the CE device.

      NOTE:

      If the CE and PE devices are connected through an Ethernet network, the next-hop must be specified.

    3. Run commit

      The configuration is committed.

  2. Configure a static VPN route to the Internet on the PE device.
    1. Run system-view

      The system view is displayed.

    2. Run ip route-static vpn-instance vpn-source-name destination-address { mask | mask-length } nexthop-address public [ preference preference | tag tag ] * [ description text ]

      A static route from the VPN to the Internet is configured. The next-hop address is a public network address.

    3. Run commit

      The configuration is committed.

  3. Configure a static route to the VPN on the PE device.
    1. Run system-view

      The system view is displayed.

    2. Run ip route-static ip-address { mask | mask-length } { interface-type interface-number [ nexthop-address ] | vpn-instance vpn-instance-name nexthop-address | nexthop-address } [ preference preference | tag tag ] * [ description text ]

      The static route from the public network to the VPN is configured. The next-hop address is a private network address.

      NOTE:

      If the CE and PE devices are connected through an Ethernet network, the next-hop must be specified.

    3. Advertise the static route to the Internet.

      For the detailed configuration, see the CloudEngine 12800 and 12800E Series Switches Configuration Guide - IP Routing. For example, if OSPF is running between the PE device and the Internet, perform the following steps:

      1. Run system-view

        The system view is displayed.

      2. Run ospf [ process-id ]

        The OSPF view is displayed.

      3. Run import-route static

        The static routes are imported into OSPF.

    4. Run commit

      The configuration is committed.

Verifying the Configuration

  • Run the display ip routing-table vpn-instance vpn-instance-name command to check the VPN routing table on the PE device. If the route to the CE and the route to the destination device in the public network exist in the VPN routing table, the configuration is successful.
  • Run the display ip routing-table command to check the routing table on the CE and the destination device in the public network. If the CE has the route to the destination device in the public network and the destination device in the public network has the route to the CE, the configuration is successful.
  • Run the ping command to check the connectivity between the CE and the destination device on the public network. If the CE device and the destination device on the public network can ping each other, the configuration is successful.
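
The following is an added example, not part of the Huawei guide: a Python check that scans a saved PE configuration for the step 2 and step 3 static routes and for the OSPF import, which are the points where a VPN instance is joined to the public routing table. The sample configuration, the instance name vpna, the addresses, and the finding labels are constructed for illustration; only route forms that name a vpn-instance explicitly are detected.

```python
import ipaddress
import re

# Constructed PE configuration excerpt (documentation addresses; the instance
# name "vpna" is hypothetical). Route lines follow the syntax in steps 2 and 3.
SAMPLE_PE_CONFIG = """\
ospf 1
 import-route static
 area 0.0.0.0
#
ip route-static vpn-instance vpna 0.0.0.0 0.0.0.0 198.51.100.1 public
ip route-static 203.0.113.0 255.255.255.0 vpn-instance vpna 192.0.2.2
ip route-static 198.18.0.0 16 198.51.100.9
"""

IP = r"(\d+\.\d+\.\d+\.\d+)"
# Step 2: VPN route whose next hop is a public network address.
VPN_TO_PUBLIC = re.compile(rf"^ip route-static vpn-instance (\S+) {IP} (\S+) {IP} public\b")
# Step 3: public route whose next hop is inside a VPN instance.
PUBLIC_TO_VPN = re.compile(rf"^ip route-static {IP} (\S+) vpn-instance (\S+) {IP}")


def audit(config: str) -> list[tuple[str, str, str, str]]:
    """Return (kind, vpn_instance, prefix, next_hop) for each boundary crossing."""
    findings = []
    in_public_ospf = False
    for raw in config.splitlines():
        line = raw.rstrip()
        if line and not line.startswith(" "):
            # New top-level section; assume "ospf ..." without vpn-instance is public.
            in_public_ospf = line.startswith("ospf") and "vpn-instance" not in line
        if in_public_ospf and line.strip() == "import-route static":
            # Static routes are imported into OSPF, including any step 3 route.
            findings.append(("static-into-ospf", "-", "all static routes", "-"))
        elif m := VPN_TO_PUBLIC.match(line):
            vpn, dest, mask, nh = m.groups()
            # ip_network accepts both a dotted mask and a mask length.
            net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
            kind = "vpn-default-to-public" if net.prefixlen == 0 else "vpn-to-public"
            findings.append((kind, vpn, str(net), nh))
        elif m := PUBLIC_TO_VPN.match(line):
            dest, mask, vpn, nh = m.groups()
            net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
            findings.append(("public-to-vpn", vpn, str(net), nh))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_PE_CONFIG):
        print(*finding, sep="\t")
```

Each finding is a place where traffic can cross between the VPN and the public network, so the list can be compared against the VPN sites that are actually meant to reach the Internet.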
Updated: 2019-04-03

Document ID: EDOC1100075353
