Configuring device parameters – H3C Technologies H3C Intelligent Management Center User Manual


○ ID Type—Name or IP. If the ID type is Name, the Hub IKE Gateway Name and Spoke IKE Gateway Name are also displayed.

○ Encapsulation Mode—Tunnel or Transport. If NAT traversal is enabled, the encapsulation mode must be Tunnel. This setting cannot be modified. You can modify this setting only when you add the tunnel.

○ Use Policy Template—YES or NO. This setting cannot be modified. You can modify this setting only when you add the tunnel.

○ PFS—Select the PFS option, and select DH Group 1, DH Group 2, DH Group 5, DH Group 14, or Disable from the list.

○ Set IPsec SA Lifetime—Select YES or NO in the Set IPsec SA Lifetime field. If you select YES, set the Time(s) (in seconds) and Traffic(KB). When either the configured time or traffic condition is met, a new IPsec SA is negotiated.

2. Click OK.

Configuring device parameters

The Device Parameters page provides CA domain, protected GRE traffic flows, hub subnet, and spoke subnet settings.

A CA domain includes certificate and certificate server settings and it is manually configured on the hub and spoke. IVM obtains the CA domain by reading device configuration. Configure CA domains for the hub and spoke only when the IKE authentication method is CA.

Protected GRE traffic flows are classified by ACLs. After you configure GRE settings, IVM generates ACLs based on the tunnel-end IP addresses.

IVM uses the hub subnet information to generate a static route on the spoke. The egress interface of the static route is the spoke's GRE tunnel interface.

IVM uses the spoke subnet information to generate a static route on the hub. The egress interface of the static route is the hub's GRE tunnel interface.
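
The following Python sketch is an added example, not part of the H3C manual and not IVM's own logic or output. It models the derivations described above (GRE flow between the tunnel-end addresses, hub subnets routed on the spoke, spoke subnets routed on the hub) and checks the subnet inputs before they are entered. The function name, the result layout, the interface name Tunnel0, and the sample addresses are assumptions.

```python
import ipaddress

def plan_device_parameters(hub_end, spoke_end, hub_subnets, spoke_subnets,
                           hub_tunnel_if="Tunnel0", spoke_tunnel_if="Tunnel0"):
    """Model what the page says is derived from the Device Parameters inputs.

    hub_subnets / spoke_subnets are (ip, mask) pairs as typed into the IP and
    Mask boxes. Interface names and the result layout are assumptions.
    """
    hub_ip = ipaddress.ip_address(hub_end)
    spoke_ip = ipaddress.ip_address(spoke_end)

    def parse(pairs):
        # strict=True rejects an address with host bits set; ip_network also
        # rejects a non-contiguous mask such as 255.0.255.0 (ValueError).
        return [ipaddress.ip_network(f"{ip}/{mask}", strict=True)
                for ip, mask in pairs]

    hubs, spokes = parse(hub_subnets), parse(spoke_subnets)
    problems = []
    for h in hubs:
        for s in spokes:
            if h.overlaps(s):
                problems.append(f"hub subnet {h} overlaps spoke subnet {s}")
    # A device must not route the remote tunnel-end address into the tunnel:
    # the encapsulated packets themselves would then be sent into the tunnel.
    for nets, remote_end, dev in ((hubs, hub_ip, "spoke"), (spokes, spoke_ip, "hub")):
        for n in nets:
            if remote_end in n:
                problems.append(f"{dev} would route tunnel end {remote_end} via {n}")
    return {
        # Protected flow: GRE only, between the two tunnel-end addresses.
        "protected_flow": ("gre", str(hub_ip), str(spoke_ip)),
        # Hub subnets become static routes on the spoke, out its tunnel interface.
        "spoke_routes": [(str(n), spoke_tunnel_if) for n in hubs],
        # Spoke subnets become static routes on the hub, out its tunnel interface.
        "hub_routes": [(str(n), hub_tunnel_if) for n in spokes],
        "problems": problems,
    }

# Constructed sample input (documentation address ranges, not from the manual).
plan = plan_device_parameters(
    "192.0.2.1", "198.51.100.1",
    hub_subnets=[("10.1.0.0", "255.255.0.0")],
    spoke_subnets=[("10.2.1.0", "255.255.255.0")])
print(plan)
```
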
To configure the Device Parameters page:

1. Configure a CA domain for the hub and spoke:

   a. Select a CA domain for the hub from the Hub CA Domain list.

   b. Select a CA domain for the spoke from the Spoke CA Domain list.

   c. Click OK.

2. View the Protected Traffic Flows.

   Protected Traffic Flows list

   ○ Protocol—Only GRE is available.

   ○ IP Address/Mask at the Hub Side—Hub network protected by IPsec.

   ○ IP Address/Mask at the Spoke Side—Spoke network protected by IPsec.

   For information about configuring hub and spoke addresses and masks for GRE tunnels, see "Configuring a GRE tunnel."

3. Add a hub subnet:

   a. Click Add in the Hub Subnet area. A window appears.

   b. Enter the hub subnet address in the IP box.

   c. Enter the mask of the hub subnet address in the Mask box.
