Configuring security proposals – H3C Technologies H3C Intelligent Management Center User Manual

Page 124

Advertising
background image

114

{

Operator—Operator used to match TCP and UDP ports on the hub. Operators include Equals,

Less than, Greater than, Not Equals, and Range.

{

Port number—A port or a port range protected by IPsec on the hub.

{

IP Address/Mask at the Spoke Side—Spoke network protected by IPsec.

{

Operator—Operator used to match TCP and UDP ports on the spoke. Operators include Equals,
Less than, Greater than, Not Equals, and Range.

{

Port number—A port or a port range protected by IPsec on the spoke.

Configuring security proposals

The Security Proposals page provides IPsec and IKE proposals settings. When you add an IPsec tunnel,

the tunnel inherits the IPsec and IKE proposals settings of the VPN domain. After you add the IPsec tunnel,

you can add, modify, and delete IPsec and IKE proposals settings for the tunnel in the Security Proposals

page.
To configure an IPsec proposal for the tunnel:

1.

Click Add in the IPsec Proposals area to add an IPsec proposal.

2.

Enter names for Hub Proposal and Spoke Proposal.
Use one of the following methods to configure an IPsec proposal:

{

Configure an IPsec proposal manually through step 3.

{

Import an IPsec proposal template through step 4.

{

Import an IPsec proposal that has been configured on a hub device in the current VPN domain
through step 5.

3.

Configure an IPsec proposal manually:

a.

Select AH, ESP, or AH+ESP from the Security Protocol list.

b.

Select MD5 or SHA1 from the AH AuthN list.
This setting is available when the security protocol is AH or AH+ESP.

c.

Select MD5, SHA1, or None from the ESP AuthN list.
This setting is available when the security protocol is ESP or AH+ESP.

d.

Select None, DES, 3DES, AES(128), AES(192), or AES(256) from the ESP Encrpt list.
Configure this setting only when the security protocol is ESP or AH+ESP.

e.

.Go to step 6.

4.

Import an IPsec proposal template:

a.

Click the import icon

next to the hub proposal name.

The Select IPsec Proposals window appears. This window automatically filters IPsec proposal
templates that do not match the Encapsulation mode set in "

Configuring default IPsec and IKE

settings

."

You can add, modify, and delete IPsec proposal templates in IPsec Proposals. For more

information about IPsec proposal templates, see "

Managing IPsec proposals

."

b.

Enter the complete name or part of the name of the IPsec proposal template you want to query,
and click Query.

c.

Select the IPsec proposal template in the IPsec Proposal List.

d.

Click OK.
The parameters in the IPsec proposal template are automatically filled in the IPsec proposal
configuration page.

Advertising
Popular Brands
Popular manuals