NetEngine AR600, AR6100, AR6200, and AR6300 V300R019 CLI-based Configuration Guide - VPN
Configuring IKE
IKE provides key negotiation and SA establishment to simplify IPSec use and management.
Pre-configuration Tasks
Before configuring IKE, complete the following tasks:
- Determine parameters in an IKE proposal.
Determine the PKI domain that the IKE peer belongs to if RSA signature authentication is used.
![]()
For details on how to configure PKI, see Huawei AR Series V300R019 Configuration Guide - Security.
- Configuring an IKE Proposal
- Configuring an IKE Peer
- (Optional) Setting the IKE SA Lifetime
- (Optional) Configuring IKE Peer Status Detection
- (Optional) Configuring an Identity Filter Set
- (Optional) Configuring DSCP Priority for IKE Packets
- (Optional) Configuring NAT Traversal
- (Optional) Configuring IPSec VPN Multi-instance
- (Optional) Configuring Network Resource Delivery
- (Optional) Configuring ACL Delivery
- (Optional) Enabling Dependency Between IPSec SA and IKE SA During IKEv1 Negotiation
- (Optional) Configuring Rapid Switchover and Revertive Switching of an IKE Peer
- (Optional) Disabling Validity Verification on Certificates
- (Optional) Configuring IKEv2 Packet Fragmentation
- (Optional) Disabling the Function of Instructing the Peer Device to Delete the Old Child SA
- Verifying the IKE Configuration
Document ID:EDOC1100112360
Views:793395
Downloads:1178
Average rating:5.0Points