IPsec Tunnel Between H3C Devices & Huawei Routers (Using SHA-2)

2023-12-27 12:53:56 Published

Network Topology

At a customer site, Huawei routers were installed at HQ, and H3C MSR 810 routers were planned for the branches. For traffic encryption, we proposed configuring an IPsec tunnel between the HQ and branch routers.



Problem Description



Issue faced

After the configuration was finished on both sides, the IKE and IPsec SAs were established, but when we initiated traffic it was dropped and we faced a traffic interruption.

Process Analysis

Analysis

After troubleshooting, we found that, by default, the SHA-2 algorithm is not compatible with earlier software versions of Huawei devices. When IPsec uses the SHA-2 algorithm and the devices at the two ends of an IPsec tunnel are from different vendors or run different software versions, they may use different encryption and decryption methods. In this situation, traffic between the devices is interrupted.
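
The failure mode analysed above, as an added Python example that is not part of the original case: both peers agree on SHA-2 during negotiation, so the SAs come up, but every data packet fails its integrity check when the two ends apply the algorithm differently. The page does not name the difference; this sketch assumes the well-known one, an HMAC-SHA-256 ICV truncated to 96 bits by older implementations versus 128 bits in RFC 4868, and the key, payloads and function names are constructed.

```python
import hashlib
import hmac

# Constructed integrity key; in a real tunnel both peers derive it from IKE.
KEY = bytes(range(32))


def protect(payload: bytes, icv_len: int, key: bytes = KEY) -> bytes:
    """Sender side: append an HMAC-SHA-256 ICV truncated to icv_len bytes.

    Simplified model: a real ESP ICV also covers the SPI and sequence number.
    """
    icv = hmac.new(key, payload, hashlib.sha256).digest()[:icv_len]
    return payload + icv


def verify(packet: bytes, icv_len: int, key: bytes = KEY):
    """Receiver side: treat the last icv_len bytes as the ICV and check them.

    Returns the payload, or None when the packet would be dropped.
    """
    if len(packet) <= icv_len:
        return None
    payload, icv = packet[:-icv_len], packet[-icv_len:]
    expected = hmac.new(key, payload, hashlib.sha256).digest()[:icv_len]
    return payload if hmac.compare_digest(icv, expected) else None


def simulate(sender_len: int, receiver_len: int, packets: int = 5) -> dict:
    """Count accepted and dropped packets for one sender/receiver pairing."""
    stats = {"accepted": 0, "dropped": 0}
    for seq in range(packets):
        payload = b"constructed-esp-payload-%d" % seq
        result = verify(protect(payload, sender_len), receiver_len)
        stats["accepted" if result == payload else "dropped"] += 1
    return stats


if __name__ == "__main__":
    # 16 bytes = 128-bit ICV, 12 bytes = 96-bit ICV (assumed mismatch).
    for s, r in [(16, 16), (12, 12), (16, 12), (12, 16)]:
        print(f"sender {s * 8}-bit ICV, receiver {r * 8}-bit ICV:",
              simulate(s, r))
```

With matching lengths every packet is accepted; with mismatched lengths every packet is dropped in both directions, which matches the symptom of established SAs with no passing traffic.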


Solution

To solve this problem, enable SHA-2 compatibility with earlier versions by using the command below on the Huawei devices.

#
ipsec authentication sha2 compatible enable
#
