Publication Date: 2012-07-27 | Views: 7 | Downloads: 0 | Author: y45575 | Document ID: EKB0000173704
I used two AR routers, named Router A and Router B, to establish an IPsec VPN.
After I finished the configuration shown below, I could ping successfully between Router A and Router B, but when I checked with the commands 'display ike sa' and 'display ipsec sa', I found that the IPsec SAs were not established.
The configuration of Router A was as follows:
[Quidway]acl number 3000
[Quidway-acl-adv-3000]rule permit ip source 10.111.0.0 0.0.255.255 des 10.112.0.0 0.0.255.255
[Quidway-acl-adv-3000]rule deny ip source any des any
[Quidway]ipsec proposal 123
[Quidway-ipsec-proposal-123]encapsulation-mode tunnel
[Quidway-ipsec-proposal-123]transform esp
[Quidway-ipsec-proposal-123]esp encryption-algorithm des
[Quidway-ipsec-proposal-123]esp authentication-algorithm sha1
[Quidway-ipsec-proposal-123] quit
[Quidway]ike peer test
[Quidway-ike-peer-test]exchange-mode aggressive
[Quidway-ike-peer-test]pre-shared-key huawei
[Quidway-ike-peer-test]id-type ip
[Quidway-ike-peer-test]remote-address 202.38.0.2
[Quidway] ipsec policy pol1 1 isakmp
[Quidway-ipsec-policy-isakmp-pol1-1] security acl 3000
[Quidway-ipsec-policy-isakmp-pol1-1] ike-peer test
[Quidway-ipsec-policy-isakmp-pol1-1] proposal 123
[Quidway-Ethernet0/0/0]ip address 202.38.0.1 255.255.255.0
[Quidway-Ethernet0/0/0]quit
[Quidway-Ethernet0/0/1]ip address 10.111.0.2 255.255.255.0
[Quidway-Ethernet0/0/1]quit
[Quidway]ip route-static 10.112.0.0 255.255.0.0 202.38.0.2
[Quidway-Ethernet0/0/0]ipsec policy pol1
The configuration of Router B was similar to that of Router A.
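Added example (not part of the original case, and not a statement of its root cause): a small Python check of which flows ACL 3000 selects for policy pol1. A ping that the ACL does not select never passes through the IPsec policy, so its success does not show that a tunnel exists. The flow list is constructed; it assumes the ping was sent between the public interface addresses, and 10.112.0.2 is a hypothetical host behind Router B.

```python
import ipaddress

# Rules of ACL 3000 as configured on Router A:
# (action, source, source wildcard, destination, destination wildcard).
# "any" is written as 0.0.0.0 with an all-ones wildcard.
ACL_3000 = [
    ("permit", "10.111.0.0", "0.0.255.255", "10.112.0.0", "0.0.255.255"),
    ("deny", "0.0.0.0", "255.255.255.255", "0.0.0.0", "255.255.255.255"),
]


def wildcard_match(addr, base, wildcard):
    """Wildcard-mask match: bits set to 1 in the wildcard are ignored."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)


def acl_action(src, dst, rules=ACL_3000):
    """Return the action of the first rule that matches the flow src -> dst."""
    for action, s, s_wild, d, d_wild in rules:
        if wildcard_match(src, s, s_wild) and wildcard_match(dst, d, d_wild):
            return action
    return "deny"  # no rule matched: the flow is not selected for IPsec


def selected_for_ipsec(src, dst, rules=ACL_3000):
    """True only when the security ACL permits the flow."""
    return acl_action(src, dst, rules) == "permit"


# Constructed sample flows (assumptions, see the lead-in).
FLOWS = [
    ("202.38.0.1", "202.38.0.2"),  # ping between the public interfaces
    ("10.111.0.2", "10.112.0.2"),  # private subnet to private subnet
    ("10.111.0.2", "202.38.0.2"),  # private source, public destination
]

if __name__ == "__main__":
    for src, dst in FLOWS:
        if selected_for_ipsec(src, dst):
            state = "selected by ACL 3000, handled by pol1"
        else:
            state = "not selected, forwarded outside the IPsec policy"
        print(f"{src} -> {dst}: {state}")
```

Only the second flow is selected, so a test ping has to use source and destination addresses inside 10.111.0.0/16 and 10.112.0.0/16 before 'display ike sa' and 'display ipsec sa' are meaningful evidence about the tunnel.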