No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade
Knowledge Base

FAQ-How does AR1220 as core node configure aggressive IPsec

Publication Date:  2012-09-22  |   Views:  158  |   Downloads:  0  |   Author:  c00222574  |   Document ID:  EKB1000015688

Contents

Issue Description

Q:
AR1220 as core node whose ike peer did not configure remote-address cannot add ipsec policy, How does AR1220 configure aggressive IPsec at the moment?

Alarm Information

NULL

Handling Process

AR1220 as core node whose ike peer did not configure remote-address,it will report as follows when add ike peer in ipsec policy.
[huawei-ipsec-policy-isakmp-abc-1]ike-peer abc
error: no remote address configured for the ike peer.

But embranchment node address is not fixed,can associate name only, cannot associate address, it can be configured as follows:

ike local-name abc

ike proposal 1

ike peer abc v1
exchange-mode aggressive
pre-shared-key 123456
ike-proposal 1

ipsec proposal ipsec_pro

ipsec policy-template use1 10
ike-peer abc
proposal ipsec_pro

ipsec policy policy1 10 isakmp template use1

interface gigabitethernet 0/0/1
ip address 60.1.1.2 255.255.255.0
ipsec policy policy1

it not need to specify remote address in ike peer, add one policy-template to associate ike-peer, associate policy-template in policy.

Whole configuration for core node and embranchment node can reference the attachment.

Root Cause

NULL

Suggestions

NULL