Configuration on the AR Router
Prerequisites
- The WAN interface GE0/0/8 on the AR router has been configured. Assume that the public IP address of the WAN interface is 1.1.1.1.
- The LAN interface GE0/0/1 on the AR router has been configured. Assume that the public IP address of the LAN interface is 172.16.0.1.
Procedure
- Log in to the web system of the AR router.
An AR651 running V300R019C13SPC200 is used as an example. The web system may vary according to the device model and software version.
- Configure VPN connections.
- Choose .
- Configure the IKE and IPsec policies, as shown in Figure 1.
- When IKEv1 is used for IPsec negotiation, if the traffic hard lifetime is set to 0 on either device, both the local and remote devices disable the traffic timeout function.
- When IKEv2 is used for IPsec negotiation, if the traffic hard lifetime is set to 0 on a device, this device disables the traffic timeout function.
- If the AR router uses a non-fixed IP address to connect to the VPN gateway, click Advanced, set Local identity type to Name, and enter the customer gateway identifier configured on the cloud in the Local name text box.
- Configure a VPN security policy.
Choose Add. Figure 2 shows the key parameter settings.
, configure an advanced ACL, and click - Configure service routes.
Choose IPv4 Static Route area, configure static routes to the active EIP and active EIP 2 of the VPN gateway and a static route to the VPC, and click Add. Figure 3 shows the key parameter settings.
. In the
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot