Configuration on the AR Router

Prerequisites

The uplink public network interface GE0/0/8 of the AR router has been configured. Assume that the public IP address of the interface is 1.1.1.1.
The downlink private network interface GE0/0/1 of the AR router has been configured. Assume that the private IP address of the interface is 172.16.0.1.

Procedure

Log in to the web system of the AR router.

An AR651 running V300R019C13SPC200 is used as an example. The web system may vary according to the device model and software version.
Complete basic settings.

Choose Advanced > IP > Routing > Static Route Configuration. In the IPv4 Static Route area, configure static routes to the active EIP and active EIP 2 of the VPN gateway, and click Add, as shown in Figure 1.

Figure 1 Configuring static routes
Configure tunnel interfaces.
1. Choose Advanced > Interface > Logical Interface.
2. Configure two tunnel interfaces and click Add.
  Figure 2 shows the key parameter settings.
  Figure 2 Configuring tunnel interfaces
Configure VPN connections.
1. Choose Advanced > VPN > IPSec > IPSec Policy Management.
2. Configure the IKE and IPsec policies for the two tunnels, as shown in Figure 3 and Figure 4.
  - When IKEv1 is used for IPsec negotiation, if the traffic hard lifetime is set to 0 on either device, both the local and remote devices disable the traffic timeout function.
  - When IKEv2 is used for IPsec negotiation, if the traffic hard lifetime is set to 0 on a device, this device disables the traffic timeout function.
  Figure 3 Configuring VPN connection 1
  
  Figure 4 Configuring VPN connection 2
Configure BGP.
1. Choose Advanced > IP > Routing > Dynamic Route Configuration > BGP.
2. Toggle on Enable BGP, set AS Number to the BGP ASN of the AR router, set Router ID to the gateway address of the downlink private network interface on the AR router, and click Apply.
3. Configure BGP peers, as shown in Figure 5.
  Figure 5 Configuring BGP peers
4. In the Route Import Configuration area, set Protocol type to Direct.