Configuring an ike proposal – H3C Technologies H3C Intelligent Management Center User Manual
Page 117
107
You can configure the IPsec proposal through step 3, or import an IPsec proposal template through
step 4.
3.
Configure the IPsec proposal:
a.
Select AH, ESP, or AH+ESP from the Security Protocol list.
b.
Select MD5 or SHA1 from the AH AuthN list.
This setting is available when the security protocol is AH or AH+ESP.
c.
Select MD5, SHA1, or None from the ESP AuthN list.
This setting is available when the security protocol is ESP or AH+ESP.
d.
Select None, DES, 3DES, AES(128), AES(192), or AES(256) from the ESP Encrpt list.
Configure this setting only when the security protocol is ESP or AH+ESP.
e.
Click OK.
The Encapsulation mode it cannot be modified when you configure the IPsec proposal. For
more information, see "
Configuring default IPsec and IKE settings
4.
Import an IPsec proposal template:
a.
Click the Import icon
next to the proposal name.
The Select IPsec Proposals window appears. This window automatically filters IPsec proposal
templates that do not match the Encapsulation mode set in "
Configuring default IPsec and IKE
You can add, modify, and delete IPsec proposal templates in IPsec Proposals. For more
information about IPsec proposal templates, see "
b.
Enter the complete name or part of the name of the IPsec proposal template you want to query,
and click Query.
c.
Select the IPsec proposal template in the IPsec Proposal List.
d.
Click OK.
The parameters in the IPsec proposal template are automatically filled in the IPsec proposal
configuration page.
e.
Click OK.
Configuring an IKE proposal
1.
Click Add in the IKE Proposal area.
2.
Enter a sequence number in the Proposal Num. box.
A smaller sequence number determines a higher matching priority. You can manually configure
the IKE proposal through step 3, or import an IKE proposal template through step 4.
3.
Configure the IKE proposal:
a.
Select DES, 3DES, AES(128), AES(192), or AES(256) from the Encryption Algorithm list.
b.
Select MD5 or SHA1 from the Authentication Algorithm list.
c.
Select DH Group 1, DH Group 2, DH Group 5, or DH Group 14 from the DH Group ID list.
d.
Enter the ISAKMP SA lifetime in seconds in the ISAKMP SA Life Time box.
e.
Click OK.
The IKE Authentication method cannot be modified when you configure the IKE proposal. For
information about modifying this parameter, see "
Configuring default IPsec and IKE settings
."
4.
Import an IKE proposal template: