IPSec VPN

Created: Aug 7, 2021 14:06:15 | Latest reply: Aug 10, 2021 22:07:20
Rewarded HiCoins: 0 (problem resolved)

Hello

I am just starting to work with Huawei equipment, so I do not understand everything yet.

The AR6120 router connects to the Internet via a PPPoE connection.

Several VPN tunnels were set up between the AR6120 router (local network 10.36.0.0/16) and several remote sites. Several questions arose while operating the tunnels:

1. Access from a remote site to the network behind the AR works; pings pass freely. But there is no access from the AR6120 network to the remote site's network.

Tracing shows that the packet does not go into the VPN tunnel but goes directly to the provider's network. I tried setting up static routes, with no result. Can you tell me how to make the packet go the right way?

2. The speed of copying files over the VPN does not exceed 2 Mb/s, while the Internet channels are faster than 200 megabits. The processor load on the router increases by 4% when copying files; the peak load is 15%. I cannot find the reason for such poor performance. I have not seen a similar effect with equipment from another manufacturer. Has anyone encountered a similar problem?

The VPN configuration is below:

[Huawei] acl number 3001
[Huawei-acl-adv-3002] rule permit ip source 10.36.0.0 0.0.255.255 destination 10.77.0.0 0.0.255.255
[Huawei-acl-adv-3002] quit
[Huawei] acl number 3002
[Huawei-acl-adv-3003] rule permit ip source 10.36.0.0 0.0.255.255 destination 10.78.0.0 0.0.255.255
[Huawei-acl-adv-3003] quit
[Huawei] acl number 3003
[Huawei-acl-adv-3003] rule permit ip source 10.36.0.0 0.0.255.255 destination 10.66.0.0 0.0.255.255
[Huawei-acl-adv-3003] quit
[Huawei] acl number 3004
[Huawei-acl-adv-3003] rule permit ip source 10.36.0.0 0.0.255.255 destination 10.54.0.0 0.0.255.255
[Huawei-acl-adv-3003] quit
[Huawei] acl number 3005
[Huawei-acl-adv-3003] rule permit ip source 10.36.0.0 0.0.255.255 destination 10.116.0.0 0.0.255.255
[Huawei-acl-adv-3003] quit
[Huawei] acl number 3006
[Huawei-acl-adv-3003] rule permit ip source 10.36.0.0 0.0.255.255 destination 192.168.100.0 0.0.0.255
[Huawei-acl-adv-3003] quit
[Huawei] acl number 3007
[Huawei-acl-adv-3003] rule permit ip source 10.36.0.0 0.0.255.255 destination 10.222.0.0 0.0.255.255
[Huawei-acl-adv-3003] quit

[Huawei] ipsec proposal tran1
[Huawei-ipsec-proposal-tran1] esp authentication-algorithm sha2-256
[Huawei-ipsec-proposal-tran1] esp encryption-algorithm aes-256
[Huawei-ipsec-proposal-tran1] quit
[Huawei] ike proposal 5
[Huawei-ike-proposal-5] encryption-algorithm aes-256
[Huawei-ike-proposal-5] authentication-algorithm sha2-256
[Huawei-ike-proposal-5] dh group14
[Huawei-ike-proposal-5] quit

[Huawei] ike peer MSK01
[Huawei-ike-peer-rut1] version 2
[Huawei-ike-peer-rut1] ike-proposal 5
[Huawei-ike-peer-rut1] pre-shared-key cipher XXXXXXXXXXXXXXX
[Huawei-ike-peer-rut1] remote-address 93.90.220.50
[Huawei-ike-peer-rut1] quit
[Huawei] ike peer SPB01
[Huawei-ike-peer-rut2] version 2
[Huawei-ike-peer-rut2] ike-proposal 5
[Huawei-ike-peer-rut2] pre-shared-key cipher XXXXXXXXXXXXXXX
[Huawei-ike-peer-rut2] remote-address 78.155.214.159
[Huawei-ike-peer-rut2] quit
[Huawei] ike peer EKT01
[Huawei-ike-peer-rut2] version 2
[Huawei-ike-peer-rut2] ike-proposal 5
[Huawei-ike-peer-rut2] pre-shared-key cipher XXXXXXXXXXXXXXX
[Huawei-ike-peer-rut2] remote-address 188.170.96.27
[Huawei-ike-peer-rut2] quit
[Huawei] ike peer KZNW01
[Huawei-ike-peer-rut2] version 2
[Huawei-ike-peer-rut2] ike-proposal 5
[Huawei-ike-peer-rut2] pre-shared-key cipher XXXXXXXXXXXXXXX
[Huawei-ike-peer-rut2] remote-address 213.159.206.154
[Huawei-ike-peer-rut2] quit
[Huawei] ike peer KZNV01
[Huawei-ike-peer-rut2] version 2
[Huawei-ike-peer-rut2] ike-proposal 5
[Huawei-ike-peer-rut2] pre-shared-key cipher XXXXXXXXXXXXXXX
[Huawei-ike-peer-rut2] remote-address 213.159.206.143
[Huawei-ike-peer-rut2] quit
[Huawei] ike peer QAZ01
[Huawei-ike-peer-rut2] version 2
[Huawei-ike-peer-rut2] ike-proposal 5
[Huawei-ike-peer-rut2] pre-shared-key cipher XXXXXXXXXXXXXXX
[Huawei-ike-peer-rut2] remote-address 185.102.72.161
[Huawei-ike-peer-rut2] quit
[Huawei] ike peer NSK01
[Huawei-ike-peer-rut2] version 2
[Huawei-ike-peer-rut2] ike-proposal 5
[Huawei-ike-peer-rut2] pre-shared-key cipher XXXXXXXXXXXXXXX
[Huawei-ike-peer-rut2] remote-address 188.254.16.120
[Huawei-ike-peer-rut2] quit

[Huawei] ipsec policy slcloud01 10 isakmp
[Huawei-ipsec-policy-isakmp-policy1-10] ike-peer MSK01
[Huawei-ipsec-policy-isakmp-policy1-10] proposal tran1
[Huawei-ipsec-policy-isakmp-policy1-10] security acl 3001
[Huawei-ipsec-policy-isakmp-policy1-10] quit
[Huawei] ipsec policy slcloud01 11 isakmp
[Huawei-ipsec-policy-isakmp-policy1-11] ike-peer SPB01
[Huawei-ipsec-policy-isakmp-policy1-11] proposal tran1
[Huawei-ipsec-policy-isakmp-policy1-11] security acl 3002
[Huawei-ipsec-policy-isakmp-policy1-11] quit
[Huawei] ipsec policy slcloud01 12 isakmp
[Huawei-ipsec-policy-isakmp-policy1-11] ike-peer EKT01
[Huawei-ipsec-policy-isakmp-policy1-11] proposal tran1
[Huawei-ipsec-policy-isakmp-policy1-11] security acl 3003
[Huawei-ipsec-policy-isakmp-policy1-11] quit
[Huawei] ipsec policy slcloud01 13 isakmp
[Huawei-ipsec-policy-isakmp-policy1-11] ike-peer KZNW01
[Huawei-ipsec-policy-isakmp-policy1-11] proposal tran1
[Huawei-ipsec-policy-isakmp-policy1-11] security acl 3005
[Huawei-ipsec-policy-isakmp-policy1-11] quit
[Huawei] ipsec policy slcloud01 14 isakmp
[Huawei-ipsec-policy-isakmp-policy1-11] ike-peer KZNV01
[Huawei-ipsec-policy-isakmp-policy1-11] proposal tran1
[Huawei-ipsec-policy-isakmp-policy1-11] security acl 3006
[Huawei-ipsec-policy-isakmp-policy1-11] quit
[Huawei] ipsec policy slcloud01 15 isakmp
[Huawei-ipsec-policy-isakmp-policy1-11] ike-peer QAZ01
[Huawei-ipsec-policy-isakmp-policy1-11] proposal tran1
[Huawei-ipsec-policy-isakmp-policy1-11] security acl 3007
[Huawei-ipsec-policy-isakmp-policy1-11] quit
[Huawei] ipsec policy slcloud01 16 isakmp
[Huawei-ipsec-policy-isakmp-policy1-11] ike-peer NSK01
[Huawei-ipsec-policy-isakmp-policy1-11] proposal tran1
[Huawei-ipsec-policy-isakmp-policy1-11] security acl 3004
[Huawei-ipsec-policy-isakmp-policy1-11] quit

[Huawei] interface Dialer2
[Huawei-GigabitEthernet0/0/1] ipsec policy slcloud01
[Huawei-GigabitEthernet0/0/1] quit
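An added example, not the poster's configuration or any Huawei tooling, for working through question 1 offline: an IPsec policy group applied to an interface encrypts only traffic that the security ACL of some policy in the group permits, checked against the inner (pre-encapsulation) source and destination in sequence order, and the ACL matches only in the direction written, so the remote side needs mirror-image selectors. The script below parses a constructed subset of the posted configuration (three of the seven tunnels, prompts dropped, keys left masked as the poster had them) and reports which policy and peer a given flow would be sent to, or that it would leave the router unprotected; `select_policy` and `lint` are this example's own helpers, not device commands. A flow whose destination is in no ACL goes straight out the provider link in the clear, which is one thing a trace that never enters the tunnel can mean.

```python
import ipaddress
import re

# Constructed subset of the configuration posted above, CLI prompts removed.
CONFIG = """\
acl number 3001
 rule permit ip source 10.36.0.0 0.0.255.255 destination 10.77.0.0 0.0.255.255
acl number 3004
 rule permit ip source 10.36.0.0 0.0.255.255 destination 10.54.0.0 0.0.255.255
acl number 3005
 rule permit ip source 10.36.0.0 0.0.255.255 destination 10.116.0.0 0.0.255.255
ike peer MSK01
 remote-address 93.90.220.50
ike peer KZNW01
 remote-address 213.159.206.154
ike peer NSK01
 remote-address 188.254.16.120
ipsec policy slcloud01 10 isakmp
 ike-peer MSK01
 security acl 3001
ipsec policy slcloud01 13 isakmp
 ike-peer KZNW01
 security acl 3005
ipsec policy slcloud01 16 isakmp
 ike-peer NSK01
 security acl 3004
"""

RULE_RE = re.compile(r"rule permit ip source (\S+) (\S+) destination (\S+) (\S+)")


def wildcard_net(addr, wildcard):
    # Huawei ACLs use inverted (wildcard) masks; ipaddress accepts them as hostmasks.
    return ipaddress.IPv4Network(f"{addr}/{wildcard}", strict=False)


def parse_config(text):
    """Collect ACL rules, IKE peer addresses and policy entries from CLI text."""
    cfg = {"acls": {}, "peers": {}, "policies": []}
    ctx = None  # the configuration view the following indented lines belong to
    for line in text.splitlines():
        words = line.split()
        if not words:
            continue
        if words[:2] == ["acl", "number"]:
            ctx = ("acl", int(words[2]))
            cfg["acls"][ctx[1]] = []
        elif words[:2] == ["ike", "peer"]:
            ctx = ("peer", words[2])
            cfg["peers"][ctx[1]] = None
        elif words[:2] == ["ipsec", "policy"]:
            ctx = ("policy", {"seq": int(words[3]), "peer": None, "acl": None})
            cfg["policies"].append(ctx[1])
        elif ctx and ctx[0] == "acl" and (m := RULE_RE.match(line.strip())):
            cfg["acls"][ctx[1]].append((wildcard_net(m[1], m[2]), wildcard_net(m[3], m[4])))
        elif ctx and ctx[0] == "peer" and words[0] == "remote-address":
            cfg["peers"][ctx[1]] = words[1]
        elif ctx and ctx[0] == "policy" and words[0] == "ike-peer":
            ctx[1]["peer"] = words[1]
        elif ctx and ctx[0] == "policy" and words[:2] == ["security", "acl"]:
            ctx[1]["acl"] = int(words[2])
    cfg["policies"].sort(key=lambda p: p["seq"])  # policies are tried in sequence order
    return cfg


def select_policy(cfg, src, dst):
    """Return (seq, peer, remote address) of the first policy whose ACL permits
    the src->dst flow, or None when the packet would be forwarded unencrypted."""
    s, d = ipaddress.IPv4Address(src), ipaddress.IPv4Address(dst)
    for pol in cfg["policies"]:
        for src_net, dst_net in cfg["acls"].get(pol["acl"], []):
            if s in src_net and d in dst_net:
                return pol["seq"], pol["peer"], cfg["peers"].get(pol["peer"])
    return None


def lint(cfg):
    """Flag policies that reference a missing peer or ACL, and ACLs no policy uses."""
    problems, used = [], set()
    for pol in cfg["policies"]:
        used.add(pol["acl"])
        if pol["peer"] not in cfg["peers"]:
            problems.append(f"policy {pol['seq']}: unknown ike peer {pol['peer']}")
        if pol["acl"] not in cfg["acls"]:
            problems.append(f"policy {pol['seq']}: unknown acl {pol['acl']}")
    problems += [f"acl {n} is not referenced by any policy" for n in cfg["acls"] if n not in used]
    return problems


if __name__ == "__main__":
    cfg = parse_config(CONFIG)
    for flow in [("10.36.5.5", "10.54.3.3"), ("10.54.3.3", "10.36.5.5"), ("10.36.5.5", "8.8.8.8")]:
        print(flow, "->", select_policy(cfg, *flow) or "no policy: sent in the clear")
    print(lint(cfg) or "no reference problems")
```

Run against a full pasted configuration, the useful check is the reverse flow: if `select_policy` returns a policy for local-to-branch traffic but the branch router's own ACL does not permit the mirrored branch-to-local selector (or vice versa), only one direction will ever be protected, which is the symptom the thread describes.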


Featured Answers

Recommended answer

DDSN
Admin Created Aug 7, 2021 14:47:10

Hi user_4331755,
VPN tunnel technology encapsulates VPN packets in a tunnel using a protocol and then establishes a dedicated data transmission channel over the public network, through which the packets are forwarded. For example, IPSec VPN encapsulates IPSec packets into IP packets and then forwards them over physical links. So the data packet is forwarded through the ISP network.
Router CPU usage is affected by many factors, and CPU usage of 70% or below can be considered normal. Regarding high CPU usage on AR routers, you can refer to the following link:
https://support.huawei.com/enterprise/en/doc/EDOC1000079719/25a892b3?idPath=24030814|21432787|7923148|252010531

All Answers

Hello

Perhaps I put it incorrectly.
The processor is generally not loaded: the maximum processor load was 15%, and it usually stays at 10%. What worried me was the slow speed of copying files over the VPN.
On equipment from another manufacturer with the same VPN tunnel parameters, the copying speed was several times higher.
Are there any recommendations for an optimal VPN configuration?

The main problem for me is the inaccessibility of remote sites' resources via the VPN. That is, the network behind the AR6120 is reachable from the remote sites, but not the other way around.

Good answer

DDSN
DDSN Admin Created Aug 9, 2021 00:42:40

Hi user_4331755,
The following link provides many IPSec VPN configuration examples. You can select the IPSec VPN configuration example that matches your scenario.
https://support.huawei.com/hedex/hdx.do?docid=EDOC1100087043&id=EN-US_TASK_0176374694&lang=en

andersoncf1
andersoncf1 MVE Author Created Aug 9, 2021 16:58:34

Good answer from DDSN IPSec VPN-4078441-1

Hello

Thank you for the instructions. I tried different options for configuring the VPN tunnel, but the problem remains: packets from the AR6120 network do not reach the branch network. Packets (for example, pings) pass from the branch to the AR6120 network without problems.
I have already racked my brains over what the problem could be.
