Method used to configure VRRP and IPSec on the AR

17

Huawei AR routers support the VRRP configuration in the headquarters when an IPSec tunnel is set up between the headquarters and branch. When the master gateway router of the headquarters is faulty, services are automatically switched to the backup gateway. For details, see "Example for Configuring VRRP in the Headquarters to Allow the Branch to Establish an IPSec Tunnel with the Headquarters Using the VRRP Virtual Address" of "Using VPN to Implement WAN Interconnection" in Typical Configuration Examples. In other scenarios, check whether the disconnected IPSec connection is caused by the cable. In this case, the IPSec connection cannot be automatically reestablished.

Other related questions:
Method used to configure GRE over IPSec on the AR
Huawei AR routers support interworking between devices through GRE over IPSec and IPSec over GRE. GRE over IPSec is supported by all AR models and versions, whereas IPSec over GRE is supported only by AR models that run V200R005C10 or later versions. For details on how to configure IPSec over GRE, see "Example for Configuring L2TP Over IPSec to Implement Secure Communication Between the Branch and Headquarters" of "Using VPN to Implement WAN Interconnection-GRE" in Product Documentation. For details on how to configure GRE over IPSec, see "Example for Configuring GRE Over IPSec to Implement Communication Between Devices", "Example for Configuring OSPF and GRE Over IPSec to Implement Communication Between the Branch and Headquarters", and "Example for Configuring GRE Over IPSec to Implement Communication Between the Branches and Headquarters and NAT to Implement Communication Between Branches (Running OSPF)" of "Using VPN to Implement WAN Interconnection" in Typical Configuration Examples.

Method used to configure a IPSec policy template on the AR
Huawei AR routers support IPSec tunnels by configuring an IPSec policy template. For details about the configuration, see "Example for Establishing Multiple IPSec Tunnels Between the Headquarters and Branches Using the IPSec Policy Template" of "Using VPN to Implement WAN Interconnection" in Typical Configuration Examples. When an IPSec policy template is used to configure IPSec policies, the configuration workload for establishing multiple IPSec tunnels can be reduced. This IPSec policy configuration mode is often used in the headquarters in scenarios where the remote IP address is not fixed (for example, the remote end obtains an IP address through PPPoE) or there are multiple remote devices.

Method used to configure association between BFD and VRRP on the AR
Run the vrrp vrid virtual-router-id track bfd-session session-id peer command to enable VRRP to monitor the BFD session status to implement an active/standby switchover.

Example:
#
interface Vlanif1
ip address 192.168.0.253 255.255.255.0
vrrp vrid 1 virtual-ip 192.168.0.1
vrrp vrid 1 priority 90
vrrp vrid 1 track bfd-session 20 increased 20 //Associate VRRP with BFD to implement a rapid active/standby switchover.
vrrp vrid 2 virtual-ip 192.168.0.2 //VRRP groups 1 and 2 implement load balancing.
vrrp vrid 2 track bfd-session 20 reduced 20
traffic-policy 0 inbound //Implement differentiated service through PBR.

Method used to configure IPSec on the 3G interface of the AR
Huawei AR series routers can dynamically obtain IP addresses from a service provider to access public network using a 3G interface, and establish IPSec connections with the headquarters. This function applies to V200R002C00 and later versions and all models of the AR. For details, see Typical Configuration Examples.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top