Networking Requirements
On the network shown in Figure 1, AR router RouterA functions as the branch gateway and Cisco router RouterB functions as the headquarters gateway. They communicate over the Internet.
The enterprise wants to protect traffic transmitted over the Internet between the branch and headquarters. An IPSec tunnel can be established between the headquarters gateway and the branch gateway to protect this communication. If a large number of data flows need to be protected by IPSec, it is recommended that the IPSec tunnel be established using virtual tunnel (VT) interfaces. With VT interfaces, all traffic routed to the tunnel interface is protected, so there is no need to create ACL rules to define the characteristics of the traffic to be protected.
Figure 1 Establishing an IPSec tunnel between a branch gateway (AR) and headquarters gateway (Cisco router) using VT interfaces

Data Plan
Before the configuration, plan the data according to the table "Data plan for interconnection between RouterA and RouterB". The data in this table is for reference only.
RouterA Public Network Address | 1.1.2.10 |
RouterA Tunnel Interface Address | 10.2.1.2 |
RouterA Private Network Address | 10.1.1.1 |
RouterB Public Network Address | 1.1.1.10 |
RouterB Tunnel Interface Address | 10.2.1.1 |
RouterB Private Network Address | 10.1.2.1 |
Parameters for IPSec Phase 1 (IKE Negotiation Phase) | IKE version: v1; Negotiation mode: main; Authentication method: pre-shared key; Pre-shared key: huawei@123; Encryption algorithm: aes-cbc-128; Authentication algorithm: sha1; DH group: group5; DPD detection: enabled |
Parameters for IPSec Phase 2 (IPSec Negotiation Phase) | Security protocol: ESP; Encapsulation mode: tunnel; Encryption algorithm: aes-128; Authentication algorithm: sha1; Lifetime: 3600s (default value); PFS: disabled |
