IPSec with GRE Configuration Between Cisco and Huawei Router


We have configured a VPN between a Cisco 881 router and a Huawei AR 2220 router. Both routers are connected back to back over an Ethernet link. IPSec is used for tunnel protection. Internet access is centralized, and NAT is configured on the dialer interface.

Huawei Configurations

#
sysname HO Router
#
board add 0/4 1ADSL-A/M
board add 0/6 8FE1GE
#
snmp-agent local-engineid 800007DB0304F938B0FB06
snmp-agent
#
http timeout 3
#
drop illegal-mac alarm
#
router id 192.168.100.1
#
acl number 3000
 rule 5 permit ip source 192.168.101.0 0.0.0.255
ipsec proposal HO-PROP
 esp authentication-algorithm sha1
 esp encryption-algorithm 3des
#
ike proposal 10
 encryption-algorithm 3des-cbc
 dh group2
 sa duration 28800
#
ike peer HO-PEER v1
 pre-shared-key simple 123456
 ike-proposal 10
 local-address 172.16.1.2
#
ipsec profile HO-PROFILE
 ike-peer HO-PEER
 proposal HO-PROP
 sa duration time-based 86400
#
aaa
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default
 domain default_admin
 local-user admin password cipher %$%$+a
 local-user admin privilege level 15
 local-user admin service-type telnet ssh http
#
firewall zone Local
 priority 64
#
interface Dialer1
 link-protocol ppp
 ppp pap local-user xxxx password simple yyyy
 ip address ppp-negotiate
 dialer user ADSL
 dialer bundle 2
 dialer-group 1
 nat outbound 3000
interface GigabitEthernet0/0/0
 ip address 172.16.1.2 255.255.255.0
#
interface GigabitEthernet0/0/1
 ip address 192.168.100.1 255.255.255.0
#
interface GigabitEthernet0/0/2
#
interface GigabitEthernet6/0/0
#
interface Cellular0/0/0
 link-protocol ppp
#
interface Cellular0/0/1
 link-protocol ppp
#
interface Atm4/0/0
 pvc 8/81
  map bridge Virtual-Ethernet0/0/0
#
interface Virtual-Ethernet0/0/0
 pppoe-client dial-bundle-number 2
#
interface NULL0
#
interface Tunnel0/0/172
 tcp adjust-mss 1360
 ip address 10.10.10.2 255.255.255.0
 tunnel-protocol ipsec
 source 172.16.1.2
 destination 172.16.1.1
 ipsec profile HO-PROFILE
#
dialer-rule
 dialer-rule 1 ip permit
#
ospf 1
 default-route-advertise
 area 0.0.0.0
  network 10.10.10.0 0.0.0.255
#
ip route-static 0.0.0.0 0.0.0.0 Dialer1
#
user-interface con 0
 authentication-mode password
 set authentication password cipher %$%$
user-interface vty 0 4
 authentication-mode aaa

 

Cisco Configurations

 

no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
!
no aaa new-model
memory-size iomem 10
!
ip source-route
!
ip cef
no ipv6 cef
!
username admin privilege 15 secret 5 $1$uT
!
crypto isakmp policy 10
 encr 3des
 authentication pre-share
 group 2
 lifetime 28800
crypto isakmp key 123456 address 172.16.1.2
!
!
crypto ipsec transform-set VPN-PROFILE esp-3des esp-sha-hmac
!
crypto ipsec profile VPN-PROFILE
 set transform-set VPN-PROFILE
archive
 log config
  hidekeys
!
interface Tunnel172
 ip address 10.10.10.1 255.255.255.0
 ip ospf 1 area 0
 tunnel source FastEthernet4
 tunnel destination 172.16.1.2
 ip mtu 1400
 ip tcp adjust-mss 1360
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile VPN-PROFILE
!
interface FastEthernet4
 ip address 172.16.1.1 255.255.255.0
!
interface Vlan1
 ip address 192.168.101.1 255.255.255.0
 ip ospf 1 area 0
!
router ospf 1
 log-adjacency-changes
line vty 0 4
 login local
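
Added example, not part of the original post: a small Python check that scans the crypto and login lines of the two configurations above and reports the settings a reviewer would flag before production use (3DES, SHA-1, DH group 2, IKEv1, the cleartext pre-shared key, Telnet/HTTP management). The rule list, the function names and the embedded excerpts are assumptions of this example.

```python
import re

# Constructed excerpts: crypto and login lines copied from the two configs above.
HUAWEI = """\
ipsec proposal HO-PROP
 esp authentication-algorithm sha1
 esp encryption-algorithm 3des
ike proposal 10
 encryption-algorithm 3des-cbc
 dh group2
ike peer HO-PEER v1
 pre-shared-key simple 123456
local-user admin service-type telnet ssh http
"""
CISCO = """\
crypto isakmp policy 10
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key 123456 address 172.16.1.2
crypto ipsec transform-set VPN-PROFILE esp-3des esp-sha-hmac
"""

# (pattern, finding) pairs; this rule set is the example's own assumption.
PSK = r"pre-shared-key simple (\S+)|crypto isakmp key (\S+) address"
RULES = [
    (r"\b(?:esp-)?3des(?:-cbc)?\b", "3DES cipher"),
    (r"\bsha1\b|\besp-sha-hmac\b", "SHA-1 integrity"),
    (r"\bdh group2\b|^\s*group 2\b", "DH group 2 (1024-bit)"),
    (r"\bike peer \S+ v1\b", "IKEv1 peer"),
    (PSK, "cleartext pre-shared key"),
    (r"service-type\b.*\b(?:telnet|http)\b", "cleartext management protocol"),
]

def audit(config):
    """Return (line_no, finding) for every rule hit, in config order."""
    return [(no, finding)
            for no, line in enumerate(config.splitlines(), 1)
            for pattern, finding in RULES if re.search(pattern, line)]

def psk(config):
    """Return the pre-shared key value from either vendor's syntax, or None."""
    m = re.search(PSK, config)
    return next(g for g in m.groups() if g) if m else None

if __name__ == "__main__":
    for name, cfg in (("Huawei", HUAWEI), ("Cisco", CISCO)):
        print(name, audit(cfg), "PSK length:", len(psk(cfg)))
```

Both excerpts report the same six-character key and the same 3DES/SHA-1/group 2 parameters, so any hardening has to be applied to both peers together or the tunnel will fail to negotiate.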
