Modifying a gre over ipsec vpn domain, Modifying the basic settings – H3C Technologies H3C Intelligent Management Center User Manual

Page 178

Advertising
background image

168

Modifying a GRE over IPsec VPN domain

A GRE over IPsec VPN domain contains IPsec and IKE settings for tunnels in the domain. GRE over IPsec

tunnels in a VPN domain inherit the default IPsec and IKE settings of the domain. You can modify IPsec

and IKE settings for the VPN domain. The new settings take effect only on newly added tunnels and do
not affect existing tunnels.

Modifying the basic settings

1.

Click the Service tab.

2.

From the navigation tree, select IPsec VPN Manager > IPsec Resources > VPN Domains.
The VPN Domain List displays all VPN domains.

3.

Click the Modify icon

for the GRE over IPsec VPN domain you want to modify.

The Modify GRE over IPsec VPN Domain Settings page appears.
The page contains two tabs: Basic Settings and Security Proposals. By default, the Basic Settings
tab is displayed.

4.

Modify the following parameters:

{

Domain Name—Modify the name of the GRE over IPsec VPN domain. IVM uses the Domain
Name + Type combination to uniquely identify a VPN domain. The VPN domain name is a

case-insensitive string and must be unique among all VPN domains of the same type.

{

Description—Modify the description of the GRE over IPsec VPN domain.

{

Type—The type is GRE over IPsec VPN and this field cannot be modified.

{

Actions upon Deployment Failure—Select the action to take on tunnel deployment failures.
Options are:

Roll Back and Stop Deployment—Clears the tunnel configuration on the failed device and
stops deploying tunnel configurations to other devices.

Roll Back and Continue with Next Device—Clears the tunnel configuration on the failed
device and continue to deploy tunnel configurations to other devices.

5.

Select the Configure IPsec IKE and GRE option to configure default IPsec and IKE settings, GRE
settings, IPsec proposal, and IKE proposal.
Skip this step if you do not need to configure default IPsec and IKE settings, IPsec proposal, and IKE
proposal.

6.

Configure the following parameters in the area:

{

IKE Negotiation Mode—Select the key negotiation mode used in IKE negotiation phase 1: Main
or Aggressive. Main mode is slower but more secure than aggressive mode.

{

NAT Traversal—Select Yes or No to enable or disable NAT traversal. You must enable NAT
traversal if a NAT device exists between the IPsec tunnel endpoints. Only aggressive mode

supports NAT traversal.

{

IKE Authentication—Select the authentication method used by the two IKE peers: Pre-Shared
Key or CA Authentication.

If you select Pre-Shared Key, enter the pre-shared key in the Authentication Key field.

If you select CA Authentication, you must specify the CA domain for the hub and spoke

when you configure IPsec tunnels.

Advertising
Popular Brands
Popular manuals