< Home

Configuring the Efficient VPN Server

Context

Parameters on the Efficient VPN server include network resource parameters and IPSec parameters:

  1. Network resource parameters include the IP address, domain name, DNS server address, and WINS server address. The Efficient VPN server can deliver network resource parameters to the remote device over the IPSec tunnel.

  2. An SA must be set up through an IPSec policy template. There are limitations on other IPSec parameters. Table 1 lists restrictions on some IPSec parameters supported on the switch.

    Table 1 IPSec parameters supported on the switch

    IPSec Parameter

    Description

    Identity authentication method

    Pre-shared key authentication

    Security protocol

    ESP

    Encapsulation mode

    Tunnel mode

    Negotiation mode in IKEv1 phase 1

    Aggressive mode

    IKE authentication algorithm

    SHA2-256, SHA2-384, and SHA2-512

    IKE encryption algorithm

    3DES, AES-128, AES-192, and AES-256

    IKEv2 integrity check algorithm

    AES-XCBC-96, HMAC-MD5-96, HMAC-SHA1-96, HMAC-SHA2-256, HMAC-SHA2-384, and HMAC-SHA2-512

    IKEv2 PRF algorithm

    AES-XCBC-128, HMAC-MD5, HMAC-SHA1, HMAC-SHA2-256, HMAC-SHA2-384, and HMAC-SHA2-512

    DH algorithm

    group21, group20, group19, group14

    IPSec authentication algorithm

    SHA2-256, SHA2-384, and SHA2-512

    IPSec encryption algorithm

    3DES, AES-128, AES-192, and AES-256
The switch cannot function as the Efficient VPN server. For detailed configurations of the Efficient VPN server, see the configuration guide from the corresponding vendor. The detailed configuration procedure is as follows:
  1. Configure network resource parameters to be pushed to the remote end.
  2. Define data flows to be encrypted for protection.
  3. Configure an IKE proposal to define the identity authentication method, authentication/encryption algorithm, and DH algorithm.
  4. Configure an IKE peer to reference the IKE proposal and configure parameters, such as the pre-shared key, IKE version, and remote address.
  5. Configure an IPSec proposal and define the security protocol, authentication/encryption algorithm, and encapsulation mode.
  6. Configure an IPSec policy and apply the ACLs and IPSec proposal to the IPSec policy.
  7. Apply the IPSec policy to an interface.
Parent Topic: Establishing an IPSec Tunnel Using an Efficient VPN Policy
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >