R3166-R3206-HP High-End Firewalls VPN Configuration Guide-6PW101
To meet the requirements, configure an IPsec tunnel interface on each Firewall and configure a static
route on each Firewall to route the packets destined to the peer to the IPsec tunnel interface for IPsec
protection.
Figure 53 Network diagram for setting up an IPsec tunnel with IPsec tunnel interfaces
Configuration procedure
a. Configure Firewall A
# Name the local gateway Firewalla.
<FirewallA> system-view
[FirewallA] ike local-name Firewalla
# Configure an IKE peer named atob. Because the local peer obtains its IP address automatically, set the
IKE negotiation mode to aggressive.
[FirewallA] ike peer atob
[FirewallA-ike-peer-atob] exchange-mode aggressive
[FirewallA-ike-peer-atob] pre-shared-key simple aabb
[FirewallA-ike-peer-atob] id-type name
[FirewallA-ike-peer-atob] remote-name Firewallb
[FirewallA-ike-peer-atob] quit
# Create an IPsec proposal named method1. This proposal uses the default settings: ESP as the security
protocol, DES as the encryption algorithm, and MD5 as the authentication algorithm.
[FirewallA] ipsec proposal method1
[FirewallA-ipsec-proposal-method1] quit
# Create an IPsec profile named atob.
[FirewallA] ipsec profile atob
# Configure the IPsec profile to reference the IKE peer.
[FirewallA-ipsec-profile-atob] ike-peer atob
# Configure the IPsec profile to reference the IPsec proposal method1.
[FirewallA-ipsec-profile-atob] proposal method1
[FirewallA-ipsec-profile-atob] quit
# Create tunnel interface Tunnel 1.
[FirewallA] interface tunnel 1
# Assign IPv4 address 10.1.1.1/24 to tunnel interface Tunnel 1.
[FirewallA-Tunnel1] ip address 10.1.1.1 24
# Set the tunnel mode of tunnel interface Tunnel 1 to IPsec over IPv4.
[FirewallA-Tunnel1] tunnel-protocol ipsec ipv4
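The following check is an added example, not part of the HP guide. It is a Python script that reads the Firewall A session above and reports the settings to review before deployment: aggressive exchange mode, a pre-shared key typed with the simple (plaintext) keyword, and an IPsec proposal left at the DES/MD5 defaults this page states. The function names and finding texts are this example's own, and the session text is constructed from the commands on this page.

```python
import re

# Constructed input: the Firewall A commands shown on this page, comment lines dropped.
SESSION = """\
<FirewallA> system-view
[FirewallA] ike local-name Firewalla
[FirewallA] ike peer atob
[FirewallA-ike-peer-atob] exchange-mode aggressive
[FirewallA-ike-peer-atob] pre-shared-key simple aabb
[FirewallA-ike-peer-atob] id-type name
[FirewallA-ike-peer-atob] remote-name Firewallb
[FirewallA-ike-peer-atob] quit
[FirewallA] ipsec proposal method1
[FirewallA-ipsec-proposal-method1] quit
"""

# Prompt is <host>, [host] or [host-view]; assumes the host name has no hyphen.
PROMPT = re.compile(r"^[\[<]([^\]>\-]+)(?:-([^\]>]+))?[\]>]\s+(.+)$")

def commands_by_view(session):
    """Map each CLI view named in the prompt to the commands typed in it."""
    views = {}
    for line in session.splitlines():
        m = PROMPT.match(line.strip())
        if m and m.group(3).strip() != "quit":
            views.setdefault(m.group(2) or "system", []).append(m.group(3).strip())
    return views

def audit(session):
    """Return (command, finding) pairs for settings worth reviewing."""
    views, findings = commands_by_view(session), []
    for cmd in views.get("system", []):
        kind, _, name = cmd.rpartition(" ")
        if kind == "ike peer":
            body = views.get(f"ike-peer-{name}", [])
            if "exchange-mode aggressive" in body:
                findings.append((cmd, "aggressive exchange mode"))
            if any(c.startswith("pre-shared-key simple ") for c in body):
                findings.append((cmd, "pre-shared key entered in plaintext"))
        elif kind == "ipsec proposal" and not views.get(f"ipsec-proposal-{name}"):
            # Nothing set in the proposal view: the defaults this page states apply.
            findings.append((cmd, "defaults in use: ESP, DES, MD5"))
    return findings

if __name__ == "__main__":
    for cmd, finding in audit(SESSION):
        print(f"{cmd}: {finding}")
```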