Method used to establish an IPSec tunnel between the AR and PC

20

An IPSec tunnel is established between the AR and PC. This example applies to all AR models of V200R002C00 and later versions.
For details about the configuration, see "Example for Configuring an IPSec Tunnel for Remote Dial-Up Users to Connect to the Headquarters" of "Using VPN to Implement WAN Interconnection" in Typical Configuration Examples.

Other related questions:
Method used to establish an IPSec tunnel through PKI authentication on the AR
Huawei AR routers support IPSec tunnel setup through PKI authentication. It is applicable to AR models that run V200R002C00 or later. For details about the configuration, see "Example for Configuring Two Devices to Pass PKI Identity Authentication Before Establishing an IPSec Tunnel" of "Using VPN to Implement WAN Interconnection" in Typical Configuration Examples. The preceding example describes how to apply for a certificate using PKI SCEP so that IPSec uses certificate authentication. If you have obtained the certificate and then manually import it to the device, perform the following steps: 1. Run the pki import rsa-key-pair { pem | pkcs12 } [ exportable ] [ password ] command to import the RSA key pair to the device memory. 2. Run the pki import-certificate { ca | local } realm { der | pkcs12 | pem } [ filename ] [ replace ] [ no-check-validate ] [ no-check-hash-alg ] command to import the CA or local certificate to the device memory. 3. Run the pki match-rsa-key certificate-filename command to check whether the local certificate has the required RSA key pair. If not, an incorrect RSA key pair or local certificate is imported. You need to import a correct RSA key pair or local certificate.

Configuring IPSec on an AC
ACs support IPSec, while Fat APs do not support this function. On the Internet, most data is transmitted on IP networks in plaintext mode. This transmission mode has many potential risks. For example, bank accounts and passwords may be intercepted, user identities may be forged, and networks are attacked. IPSec can protect transmitted data to reduce information leak risks. IPSec is a set of open network security protocols defined by the Internet Engineering Task Force (IETF). It ensures integrity and security of data transmitted on the Internet through data source authentication, data encryption, data integrity, and anti-replay at the IP layer. For more information about IPSec configuration on an AC, see: For V200R005: IPSec Configuration in AC6605&AC6005&ACU2(AC&FITAP) Product Documentation. For V200R006: IPSec Configuration in AC6605&AC6005&ACU2(AC&FITAP) Product Documentation.

Method used to establish an IPSec tunnel through NAT traversal
Huawei AR routers support an IPSec tunnel through NAT traversal. For details about the configuration, see "Example for Establishing an IPSec Tunnel that Traverses NAT Devices" of "Using VPN to Implement WAN Interconnection" in Typical Configuration Examples.

L2TP tunnels fail to be established between the AR and the PC running Windows 8
The possible cause is that the PC uses Windows 8. You must add \ before the user name when inputting a user name. The correct input mode is \vpn. Otherwise, a domain name is automatically added before the user name. As a result, login authentication fails. When inputting a user name on PCI, add \ before the user name, for example, \vpn. Then PC1 dialup succeeds.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top