Configuring basic vpn domain settings, Configuring default ipsec and ike settings – H3C Technologies H3C Intelligent Management Center User Manual

Page 129

Advertising
background image

119

2.

From the navigation tree, select IPsec VPN Manager > IPsec Resources > VPN Domains.

3.

Click Add in the VPN Domain List to add a GRE over IPsec VPN domain by completing the
following settings:

a.

Configure basic settings

Configure basic VPN domain settings.

Configure default IPsec and IKE settings.

Configure GRE settings.

b.

Configure security proposals

Configure an IPsec proposal.

Configure an IKE proposal.

The following sections describe these tasks.
GRE over IPsec tunnels in a VPN domain inherit the default IPsec and IKE settings, GRE settings,
IPsec proposal, and IKE proposal of the VPN domain.

4.

Click Accomplish to add the GRE over IPsec VPN domain.

Configuring basic VPN domain settings

1.

Enter a name for the VPN domain in the Domain Name box.
IVM uses a case-insensitive name and a type to uniquely identify a VPN domain. The VPN
domains of the same type cannot have the same name.

2.

Enter a description for the VPN domain in the Description box.

3.

Select the GRE over IPsec type for the VPN domain.

4.

Select one of the following action from the Actions upon Deployment Failure list:

{

Rollback and Stop Deployment.

{

Rollback and Continue with the Next Device.

5.

Select the Configure IPsec IKE and GRE option to configure default IPsec and IKE settings, GRE
settings, IPsec proposal, and IKE proposal.
Skip this step if you do not need to configure default IPsec and IKE settings, IPsec proposal, and IKE
proposal.

Configuring default IPsec and IKE settings

1.

Select Main or Aggressive in the IKE Negotiation Mode field.

2.

Select YES or NO in the NAT Traversal field.
Only aggressive mode supports NAT traversal.

3.

Select Pre-Shared Key or CA Authentication in the IKE Authentication field:

{

If you select Pre-Shared Key, enter the preshared key in the Authentication Key box.

{

If you select CA Authentication, you need to set the CA domain for the hub and spoke devices
when you configure GRE over IPsec tunnels.

4.

Select Name or IP in the ID Type field for the IKE peer.
If NAT traversal is enabled, you must select Name. If the IKE negotiation mode is Main, you must
select IP.

5.

Select Tunnel or Transport in the Encapsulation Mode field.
If NAT traversal is enabled, you must select the Tunnel option.

6.

Select YES or NO in the Use Policy Template field.

Advertising
Popular Brands
Popular manuals