Virtual private network (VPN) feature


A virtual private network (VPN) is a networking technology that uses the public network to build a private network: private data is transmitted across the public network through encapsulation or encryption, at the security level of a private network.
A VPN routing and forwarding table (VRF) is also called a VPN instance. Each router is logically divided into multiple virtual routers, that is, multiple VRFs. Each VRF corresponds to a VPN and has its own routing table, forwarding table, and interfaces. The effect is as if a router shared by several VPNs were split into multiple dedicated routers: the routing information exchanged between devices contains only the routes of that VPN, so the routes of different VPNs are isolated from each other. After VPN maintenance and management instances are configured, the server-side protocols of the device, that is, the telnet server ends (SSH and CLI), SNMP, and TRACE, accept connection requests only from the specified management and maintenance VPNs and do not accept requests from other VPNs or from the public network.
Inband management VPN uses the VRF function to place the remote network management system (NMS) and the OLT in the same VPN. In this way, carriers can use private network IP addresses to remotely manage and maintain devices. This method saves public network IP addresses and isolates the management network from the public network.
For more information, visit the Huawei technical support website.

Other related questions:
Which networking features does an MPLS BGP VPN support?
When the switch functions as a PE, you can configure static routing, RIPv1, RIPv2, OSPF, EBGP, and IS-IS multi-instances between the PE and the CE. The switch supports such networking modes as intranet, extranet, Hub&Spoke, CE dual-homing, and hierarchical MPLS BGP VPN.

ARs configured with IPSec on two private networks cannot communicate with each other
The possible causes are as follows:
1. The public addresses of the two IPSec-enabled ARs cannot be pinged.
2. There is an error in the data flow to be encapsulated with the IPSec header, or both IPSec and NAT are performed for the same data flow. You can run the display acl all command to check ACL matching. If both IPSec and NAT are performed for the same data flow, use either of the following methods to prevent data flow overlapping:
   - Ensure that the destination IP address denied in the ACL rule referenced by NAT is the destination IP address in the ACL rule referenced by IPSec. By doing so, the device does not perform NAT on the data flow protected by IPSec.
   - The ACL rule referenced by IPSec matches the NAT-translated IP address.
3. The AR incorrectly learns private routes. The outbound interface of the route to the destination private network is not the public network interface enabled with IPSec.
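The overlap described in cause 2 can be checked offline before touching the device. The following is an added example, not Huawei code or device syntax: it models ACL rules as (action, source, destination) tuples evaluated top-down with first match winning, which is an assumption of the example, and all addresses are constructed. It reports every IPSec-protected flow that the NAT ACL would still translate, and shows that the first method above (a deny rule in the NAT ACL for the IPSec destination) clears the conflict.

```python
import ipaddress as ip

# Constructed sample ACLs in a simplified (action, source, destination) model.
# This is not device syntax. Rules are evaluated top-down, first match wins.
IPSEC_ACL = [("permit", "10.1.1.0/24", "10.1.2.0/24")]
NAT_ACL_BAD = [("permit", "10.1.1.0/24", "0.0.0.0/0")]
NAT_ACL_FIXED = [
    ("deny", "10.1.1.0/24", "10.1.2.0/24"),   # exclude the IPSec flow from NAT
    ("permit", "10.1.1.0/24", "0.0.0.0/0"),
]
# A deny that covers only half of the protected source range is not enough.
NAT_ACL_PARTIAL = [
    ("deny", "10.1.1.0/25", "10.1.2.0/24"),
    ("permit", "10.1.1.0/24", "0.0.0.0/0"),
]


def _nets(rule):
    action, src, dst = rule
    return action, ip.ip_network(src), ip.ip_network(dst)


def nat_ipsec_overlaps(ipsec_acl, nat_acl):
    """Return (ipsec_rule, nat_rule) pairs where NAT would translate
    traffic that the IPSec ACL selects for protection."""
    conflicts = []
    for ipsec_rule in ipsec_acl:
        action, src, dst = _nets(ipsec_rule)
        if action != "permit":
            continue  # only permitted flows are encapsulated by IPSec
        for nat_rule in nat_acl:
            n_action, n_src, n_dst = _nets(nat_rule)
            if n_action == "deny" and src.subnet_of(n_src) and dst.subnet_of(n_dst):
                break  # the whole flow is excluded from NAT before any permit
            if n_action == "permit" and src.overlaps(n_src) and dst.overlaps(n_dst):
                conflicts.append((ipsec_rule, nat_rule))
                break  # conservative: any overlap with a NAT permit is reported
    return conflicts


if __name__ == "__main__":
    for name, acl in [("bad", NAT_ACL_BAD), ("fixed", NAT_ACL_FIXED),
                      ("partial", NAT_ACL_PARTIAL)]:
        print(name, nat_ipsec_overlaps(IPSEC_ACL, acl))
```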

How can the TE30 on a private network communicate with a terminal on another private network?
To enable two TE30s on two private networks to communicate, their IP addresses must be mapped to the same IP address on a public network through NAT. For details, see chapter 4 Endpoints on Different Private Networks in the HUAWEI TE30&TE40&TE50&TE60&TX50 Videoconferencing Endpoint Configuration Examples.

FAQ-What networking features does an MPLS BGP VPN support?
S series switches' (except S1700 switches) support for MPLS BGP VPN is described as follows: When a switch functions as a PE, you can configure static routing, RIPv1, RIPv2, OSPF, EBGP, and IS-IS multi-instances between the PE and CE. S series switches support such networking modes as intranet, extranet, Hub&Spoke, CE dual-homing, and hierarchical MPLS BGP VPN.
