Huawei IPSec simple configuration
# Node A (sysname anode): one end of a site-to-site IPsec tunnel to bnode.
# The listing was collapsed onto one line; line breaks are restored here and
# every comment sits at a section boundary. Settings are unchanged.
#
 sysname anode
#
# "cipher" only changes how the password is stored in the configuration;
# a saved or exported copy of this file should still be handled as a secret.
 super password level 1 cipher sample_password
 super password level 2 cipher sample_password
 super password level 3 cipher sample_password
#
 clock timezone Italy add 02:00:00
#
# NOTE(review): FTP carries credentials and file contents in cleartext.
# Disable it if file transfer is not needed on this router.
 FTP server enable
#
 l2tp domain suffix-separator @
#
# Must match the remote-name configured for this node in bnode's "ike peer".
 ike local-name anode
#
radius scheme system
#
domain system
#
# NOTE(review): this level-3 account may log in over telnet and ftp as well
# as ssh, so its password can cross the network unencrypted. Keeping only
# ssh and terminal removes that exposure.
local-user admin
 password cipher sample_password
 service-type ssh telnet terminal
 level 3
 service-type ftp
#
# The pre-shared key authenticates the IKE peer and must be identical on both
# nodes; use a long random value in place of the sample. No "ike proposal" is
# configured, so phase 1 runs with the platform default proposal; confirm that
# its algorithms and DH group are acceptable.
ike peer bnode
 pre-shared-key sample_PSK
 remote-name bnode
 remote-address 150.0.0.2
 local-address 150.0.0.1
#
# NOTE(review): 3DES is a legacy 64-bit block cipher; prefer AES where the
# software release offers it. No ESP authentication algorithm is shown, so the
# platform default applies; check it with "display ipsec proposal".
ipsec proposal proposal1
 esp encryption-algorithm 3des
#
# Traffic permitted by acl 3002 is protected with proposal1 towards bnode.
ipsec policy vpn 10 isakmp
 security acl 3002
 ike-peer bnode
 proposal proposal1
#
# WAN side: the PPP session over the ATM PVC carries both the NAT and the
# IPsec policy.
# NOTE(review): PAP sends the password in cleartext on the link, and "simple"
# stores it in cleartext in this file.
interface Virtual-Template0
 ppp pap local-user sample_user password simple sample_password
 ip address ppp-negotiate
 nat outbound 3999
 ipsec policy vpn
#
interface Aux0
 async mode flow
#
# LAN side of node A (192.168.0.0/24, the source network of acl 3002).
interface Ethernet0/0
 ip address 192.168.0.254 255.255.255.0
#
interface Serial0/0
 clock DTECLK1
 link-protocol ppp
 shutdown
 ip address ppp-negotiate
#
interface Atm1/0
 pvc 8/35
  encapsulation aal5mux
  map ppp Virtual-Template0
#
interface NULL0
#
# acl 3002 selects the traffic to encrypt (local LAN -> remote LAN); bnode
# carries the mirror image. acl 3999 drives "nat outbound": rule 0 keeps
# tunnel-bound traffic out of NAT so that it still matches acl 3002.
# NOTE(review): rule 1 of acl 3999 permits source 192.168.255.0/24, which is
# not the subnet configured on Ethernet0/0 (192.168.0.0/24). As written, LAN
# hosts fall through to rule 127 and are not translated; confirm the intended
# source network.
acl number 3002
 rule 1 permit ip source 192.168.0.0 0.0.0.255 destination 192.168.1.0 0.0.0.255
 rule 127 deny ip
acl number 3999
 rule 0 deny ip destination 192.168.1.0 0.0.0.255
 rule 1 permit ip source 192.168.255.0 0.0.0.255
 rule 127 deny ip
#
 ip route-static 0.0.0.0 0.0.0.0 Virtual-Template 0 preference 60
#
# NOTE(review): "all" presumably accepts either password or public-key
# authentication for this SSH user; confirm, and prefer key-based login.
 ssh user admin authentication-type all
#
# VTY logins are authenticated against the local-user/AAA scheme. No ACL or
# protocol restriction is applied to vty 0 4 here, so management access is
# limited only by the account's service-type line.
user-interface con 0
user-interface aux 0
user-interface vty 0 4
 authentication-mode scheme
#
return
Node B:
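# Node B (sysname bnode): the other end of the site-to-site IPsec tunnel to
# anode. The listing was collapsed onto one line; line breaks are restored
# here and every comment sits at a section boundary.
#
 sysname bnode
#
# "cipher" only changes how the password is stored in the configuration;
# a saved or exported copy of this file should still be handled as a secret.
 super password level 1 cipher sample_password
 super password level 2 cipher sample_password
 super password level 3 cipher sample_password
#
 clock timezone Italy add 02:00:00
#
# NOTE(review): FTP carries credentials and file contents in cleartext.
# Disable it if file transfer is not needed on this router.
 FTP server enable
#
 l2tp domain suffix-separator @
#
# Must match the remote-name configured for this node in anode's "ike peer".
 ike local-name bnode
#
radius scheme system
#
domain system
#
# NOTE(review): this level-3 account may log in over telnet and ftp as well
# as ssh, so its password can cross the network unencrypted. Keeping only
# ssh and terminal removes that exposure.
local-user admin
 password cipher sample_password
 service-type ssh telnet terminal
 level 3
 service-type ftp
#
# The pre-shared key authenticates the IKE peer and must be identical on both
# nodes; use a long random value in place of the sample. No "ike proposal" is
# configured, so phase 1 runs with the platform default proposal; confirm that
# its algorithms and DH group are acceptable.
ike peer anode
 pre-shared-key sample_PSK
 remote-name anode
 remote-address 150.0.0.1
 local-address 150.0.0.2
#
# NOTE(review): 3DES is a legacy 64-bit block cipher; prefer AES where the
# software release offers it. No ESP authentication algorithm is shown, so the
# platform default applies; check it with "display ipsec proposal".
ipsec proposal proposal1
 esp encryption-algorithm 3des
#
# Traffic permitted by acl 3002 is protected with proposal1 towards anode.
ipsec policy vpn 10 isakmp
 security acl 3002
 ike-peer anode
 proposal proposal1
#
# WAN side: the PPP session over the ATM PVC carries both the NAT and the
# IPsec policy.
# NOTE(review): PAP sends the password in cleartext on the link, and "simple"
# stores it in cleartext in this file.
interface Virtual-Template0
 ppp pap local-user sample_user password simple sample_password
 ip address ppp-negotiate
 nat outbound 3999
 ipsec policy vpn
#
interface Aux0
 async mode flow
#
# LAN side of node B. The original listing repeated node A's address
# (192.168.0.254), which places this interface in the REMOTE subnet of
# acl 3002. Then no local traffic has a 192.168.1.0/24 source and nothing
# matches the IPsec policy. The address is moved into 192.168.1.0/24.
interface Ethernet0/0
 ip address 192.168.1.254 255.255.255.0
#
interface Serial0/0
 clock DTECLK1
 link-protocol ppp
 shutdown
 ip address ppp-negotiate
#
interface Atm1/0
 pvc 8/35
  encapsulation aal5mux
  map ppp Virtual-Template0
#
interface NULL0
#
# acl 3002 selects the traffic to encrypt (local LAN -> remote LAN); anode
# carries the mirror image. acl 3999 drives "nat outbound": rule 0 keeps
# tunnel-bound traffic out of NAT so that it still matches acl 3002.
# NOTE(review): rule 1 of acl 3999 permits source 192.168.255.0/24, which is
# not the LAN subnet of this node (192.168.1.0/24). As written, LAN hosts fall
# through to rule 127 and are not translated; confirm the intended source
# network.
acl number 3002
 rule 1 permit ip source 192.168.1.0 0.0.0.255 destination 192.168.0.0 0.0.0.255
 rule 127 deny ip
acl number 3999
 rule 0 deny ip destination 192.168.0.0 0.0.0.255
 rule 1 permit ip source 192.168.255.0 0.0.0.255
 rule 127 deny ip
#
 ip route-static 0.0.0.0 0.0.0.0 Virtual-Template 0 preference 60
#
# NOTE(review): "all" presumably accepts either password or public-key
# authentication for this SSH user; confirm, and prefer key-based login.
 ssh user admin authentication-type all
#
# VTY logins are authenticated against the local-user/AAA scheme. No ACL or
# protocol restriction is applied to vty 0 4 here, so management access is
# limited only by the account's service-type line.
user-interface con 0
user-interface aux 0
user-interface vty 0 4
 authentication-mode scheme
#
return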
