Method used to establish an IPSec tunnel through PKI authentication on the AR


Huawei AR routers support IPSec tunnel setup through PKI authentication. This applies to AR models that run V200R002C00 or later.
For details about the configuration, see "Example for Configuring Two Devices to Pass PKI Identity Authentication Before Establishing an IPSec Tunnel" of "Using VPN to Implement WAN Interconnection" in Typical Configuration Examples.

The preceding example describes how to apply for a certificate using PKI SCEP so that IPSec uses certificate authentication. If you have already obtained the certificate and want to import it to the device manually, perform the following steps:
1. Run the pki import rsa-key-pair { pem | pkcs12 } [ exportable ] [ password ] command to import the RSA key pair to the device memory.
2. Run the pki import-certificate { ca | local } realm { der | pkcs12 | pem } [ filename ] [ replace ] [ no-check-validate ] [ no-check-hash-alg ] command to import the CA or local certificate to the device memory.
3. Run the pki match-rsa-key certificate-filename command to check whether the local certificate has the required RSA key pair. If it does not, an incorrect RSA key pair or local certificate was imported, and you need to import the correct RSA key pair or local certificate.
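
The key-to-certificate match that step 3 checks on the router can also be checked on a workstation before the files are uploaded. The script below is an added example, not part of Huawei's documentation; it assumes OpenSSL is installed and that both files are unencrypted PEM, and the function names, including the make_constructed_pair demo helper, are hypothetical.

```shell
#!/bin/sh
# Pre-import check for a certificate and RSA key pair obtained outside SCEP.
# Assumption: OpenSSL is installed and both files are unencrypted PEM.

# Print the public key (PEM SubjectPublicKeyInfo) derived from a private key.
pub_from_key() { openssl pkey -in "$1" -pubout 2>/dev/null; }

# Print the public key embedded in a certificate.
pub_from_cert() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# cert_matches_key CERT KEY
# Returns 0 if the certificate carries this key pair's public key,
# 1 on a mismatch, 2 if either file could not be parsed.
cert_matches_key() {
    cert_pub=$(pub_from_cert "$1") || return 2
    key_pub=$(pub_from_key "$2") || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# cert_is_current CERT: returns 0 if the certificate has not yet expired.
cert_is_current() { openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1; }

# make_constructed_pair DIR NAME: throwaway key and self-signed certificate,
# constructed sample material for trying the checks (not for a real device).
make_constructed_pair() {
    openssl genrsa -out "$1/$2.key" 2048 2>/dev/null &&
    openssl req -new -x509 -key "$1/$2.key" -subj "/CN=$2.constructed.example" \
        -days 1 -out "$1/$2.pem" 2>/dev/null
}

# Stand-alone use: sh precheck.sh local.pem local.key
if [ "$#" -eq 2 ]; then
    cert_matches_key "$1" "$2"; rc=$?
    case $rc in
        0) echo "match: certificate and key pair belong together" ;;
        1) echo "MISMATCH: do not import this pair" ;;
        *) echo "could not parse certificate or key" ;;
    esac
    cert_is_current "$1" || echo "certificate is expired or unreadable"
    exit "$rc"
fi
```

A mismatch reported here is the same condition that step 3 would report after import, so it is cheaper to catch it before the files reach the device.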

Other related questions:
Method used to establish an IPSec tunnel through NAT traversal
Huawei AR routers support an IPSec tunnel through NAT traversal. For details about the configuration, see "Example for Establishing an IPSec Tunnel that Traverses NAT Devices" of "Using VPN to Implement WAN Interconnection" in Typical Configuration Examples.

Method used to establish an IPSec tunnel between the AR and PC
An IPSec tunnel is established between the AR and PC. This example applies to all AR models of V200R002C00 and later versions. For details about the configuration, see "Example for Configuring an IPSec Tunnel for Remote Dial-Up Users to Connect to the Headquarters" of "Using VPN to Implement WAN Interconnection" in Typical Configuration Examples.

Configuring IPSec on an AC
ACs support IPSec, while Fat APs do not support this function. On the Internet, most data is transmitted on IP networks in plaintext mode. This transmission mode has many potential risks. For example, bank accounts and passwords may be intercepted, user identities may be forged, and networks may be attacked. IPSec can protect transmitted data to reduce the risk of information leaks. IPSec is a set of open network security protocols defined by the Internet Engineering Task Force (IETF). It ensures integrity and security of data transmitted on the Internet through data source authentication, data encryption, data integrity, and anti-replay at the IP layer.
For more information about IPSec configuration on an AC, see:
For V200R005: IPSec Configuration in AC6605&AC6005&ACU2(AC&FITAP) Product Documentation.
For V200R006: IPSec Configuration in AC6605&AC6005&ACU2(AC&FITAP) Product Documentation.

Method used to configure IPSec on the 3G interface of the AR
Huawei AR series routers can dynamically obtain an IP address from a service provider to access the public network through a 3G interface, and establish IPSec connections with the headquarters. This function applies to V200R002C00 and later versions and all models of the AR. For details, see Typical Configuration Examples.

How many IPSec tunnels can be established on an AR
The number of IPSec tunnels supported by the AR depends on the version.

V200R001C00 and V200R001C01:
- AR1200 series: 1000
- AR2200 series: 2000
- AR3200 series: 3000

V200R002C00, V200R002C01 and V200R002C02:
- AR150 series: 30
- AR200 series: 75
- AR1200 series: 2000
- AR2200 series: 4000
- AR3200 series: 6000

V200R003C00:
- AR150 series: 30
- AR200 series: 75
- AR1200 series, AR2201-48FE, AR2202-48FE, AR2204: 2000
- AR2220, AR2240: 4000
- AR3200 series: 6000

V200R003C01:
- AR150 series: 30
- AR200 series: 75
- AR1200 series, AR2201-48FE, AR2202-48FE, AR2204: 2000
- AR2220, AR2240: 4000
- AR3200 series: 6000

V200R005C00:
- AR150 series: 30
- AR160 series: 30
- AR200 series: 75
- AR1200 series, AR2201-48FE, AR2202-48FE, AR2204: 2000
- AR2220, AR2240 (using SRU40 or SRU60), AR3200 (using SRU40 or SRU60) series: 4000
- AR2240 (using SRU80), AR3200 (using SRU80) series: 6000

V200R005C10:
- AR150&160&200 series: 75
- AR1200 series, AR2201-48FE, AR2202-48FE, AR2204: 2000
- AR2220, AR2240 (using SRU40 or SRU60), AR3200 (using SRU40 or SRU60) series: 4000
- AR2240 (using SRU80, SRU200, or SRU400), AR3200 (using SRU80, SRU200, or SRU400) series: 6000

V200R005C20:
- AR150&160&200 series: 75
- AR1200 series, AR2201-48FE, AR2202-48FE, AR2204: 2000
- AR2220, AR2240 (using SRU40 or SRU60), AR3200 (using SRU40 or SRU60) series: 4000
- AR2240 (using SRU80, SRU200, or SRU400), AR3200 (using SRU80, SRU200, or SRU400) series: 6000

From V200R005C30 to V200R600:
- AR150&160&200 series: 75
- AR510 series: 75
- AR1200 series, AR2201-48FE, AR2202-48FE, AR2204, AR2204E: 2000
- AR2220, AR2240 (using SRU40 or SRU60), AR2240C (using SRU40C), AR3200 (using SRU40 or SRU60) series: 4000
- AR2240 (using SRU80, SRU200, or SRU400), AR3200 (using SRU80, SRU200, or SRU400) series: 6000

V200R007C00 and later versions:
- AR150&160&200 series: 75
- AR510 series: 75
- AR1200 series, AR2201-48FE, AR2202-48FE, AR2204, AR2204E: 2000
- AR2220, AR2240 (using SRU40 or SRU60), AR2240C (using SRU40C), AR3200 (using SRU40 or SRU60) series: 4000
- AR2240 (using SRU80, SRU200, SRU200E, or SRU400), AR3200 (using SRU80, SRU200, SRU200E, or SRU400) series: 6000
