Configuring ipsec tunnels, Configuring existing ipsec tunnels – H3C Technologies H3C Intelligent Management Center User Manual


A window appears.

b. Enter a new IP address.

c. Click OK.

Configuring IPsec tunnels

You can configure an IPsec tunnel when you add it, or modify an existing IPsec tunnel. The two configuration methods have different configurable parameters.

When you add an IPsec tunnel, you can let the tunnel inherit the basic settings and security proposals of the VPN domain, or you can modify the basic settings for the tunnel. After you add the tunnel, you cannot modify the basic settings for the tunnel.

When you add an IPsec tunnel, four tab pages are available in the IPsec tunnel configuration page. When you modify an existing IPsec tunnel, two more tab pages are available in the IPsec tunnel configuration page: Hub Advanced Settings and Spoke Advanced Settings.

This section only describes the basic settings that you can modify when you add an IPsec tunnel. For other tunnel settings, see "Configuring existing IPsec tunnels."

To configure an IPsec tunnel:

1. Click the Device Parameters icon for a tunnel to enter the IPsec tunnel configuration page, which includes four tab pages:

   - Basic Information
   - Device Parameters
   - Security Proposals
   - Spoke Additional Settings

   The Basic Information tab provides the following basic settings:

   - IKE Negotiation Mode—Select Main or Aggressive mode for phase-1 IKE negotiation.
   - NAT Traversal—Select YES or NO. Only aggressive mode supports NAT traversal.
   - IKE Authentication—Select the authentication method Pre-Shared Key or CA Authentication used to authenticate the IKE peer. This setting is inherited from the VPN domain and can be modified.
   - ID Type—Select an ID type Name or IP for the IKE peer. If the IKE negotiation mode is Main, you must select IP.
   - Encapsulation Mode—Select Tunnel or Transport. If NAT traversal is enabled, you must select Tunnel.
   - Use Policy Template—Select YES or NO. If you select YES, the hub device only receives negotiation requests from the peer, without initiating IKE negotiation. Use the policy template feature when the IP addresses of spoke devices are unknown.

2. Click OK to apply the settings.

3. Click Back and configure other tunnels in the same way.
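Because the basic settings cannot be modified after a tunnel is added, the dependencies among them can be checked on a planned tunnel list before the values are entered. The following Python script is an added example, not part of the H3C manual or iMC; the field names, the spoke_ip field and the sample plan are constructed, and the Aggressive/Pre-Shared Key advisory is not taken from the manual.

```python
# Added example: field names, spoke_ip and PLAN are constructed, not iMC's.
ALLOWED = {
    "ike_mode": {"Main", "Aggressive"},
    "nat_traversal": {"YES", "NO"},
    "ike_auth": {"Pre-Shared Key", "CA Authentication"},
    "id_type": {"Name", "IP"},
    "encapsulation": {"Tunnel", "Transport"},
    "use_policy_template": {"YES", "NO"},
}

def check_tunnel(t):
    """Return (errors, warnings) for one planned tunnel given as a dict."""
    errors = [f"{k}: invalid value {t.get(k)!r}"
              for k, ok in ALLOWED.items() if t.get(k) not in ok]
    if errors:
        return errors, []
    warnings = []
    nat = t["nat_traversal"] == "YES"
    if nat and t["ike_mode"] != "Aggressive":
        errors.append("NAT Traversal requires Aggressive mode")
    if nat and t["encapsulation"] != "Tunnel":
        errors.append("NAT Traversal requires Tunnel encapsulation")
    if t["ike_mode"] == "Main" and t["id_type"] != "IP":
        errors.append("Main mode requires ID Type IP")
    # The manual recommends the policy template when spoke IPs are unknown.
    if t["use_policy_template"] == "NO" and not t.get("spoke_ip"):
        warnings.append("spoke IP unknown: consider Use Policy Template = YES")
    # Advisory NOT from the manual: IKEv1 aggressive mode exchanges the
    # PSK-derived authentication hash unencrypted, so the key must be strong.
    if t["ike_mode"] == "Aggressive" and t["ike_auth"] == "Pre-Shared Key":
        warnings.append("Aggressive mode with Pre-Shared Key: review key strength")
    return errors, warnings

def _row(*values):
    # Positional order: name, the six ALLOWED fields, optional spoke_ip.
    return dict(zip(("name", *ALLOWED, "spoke_ip"), values))

PLAN = [  # constructed sample plan
    _row("hub-spoke1", "Main", "NO", "CA Authentication", "IP", "Tunnel", "NO", "192.0.2.10"),
    _row("hub-spoke2", "Main", "YES", "Pre-Shared Key", "Name", "Transport", "NO"),
    _row("hub-spoke3", "Aggressive", "YES", "Pre-Shared Key", "Name", "Tunnel", "YES"),
]

def audit(plan):
    return {t["name"]: check_tunnel(t) for t in plan}

if __name__ == "__main__":
    for name, (errs, warns) in audit(PLAN).items():
        print(name, "ERRORS:", errs, "WARNINGS:", warns)
```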

Configuring existing IPsec tunnels

To configure an existing IPsec tunnel:

1. Click the Service tab.

2. From the navigation tree, select IPsec VPN Manager > IPsec Resources > VPN Domains.
