Setting an encryption card for an ipsec device, Ee "setting an encryption card for an ipsec device – H3C Technologies H3C Intelligent Management Center User Manual
Page 35
25
To set tunnel traps for a device:
1.
Click the Service tab.
2.
From the navigation tree, select IPsec VPN Manager > IPsec Resources > IPsec Devices.
The IPsec Device List displays all IPsec devices.
3.
Click the Operation icon
for the IPsec device for which you want to set tunnel traps.
4.
Select Set Tunnel Traps from the shortcut menu.
The Set Tunnel Traps page appears.
5.
Select Enable the device to Send Tunnel-Setup Event traps, Enable the device to Send
Tunnel-Disconnect Event Traps, or both.
6.
Click OK.
Setting an encryption card for an IPsec device
The IPsec feature is resource intensive for its complex encryption/decryption and authentication
algorithms. To improve processing performance, you can offload IPsec processing tasks to an encryption
card.
When configuring an encryption card for a device, you can enable or disable the encryption card,
configure the encryption engine, and configure failover to CPU or encryption engine.
The encryption card is a hardware card that that processes all IPsec protected packets and hands the
processed packets back to the device for forwarding.
The encryption engine is a coprocessor that provides an encryption/decryption algorithm interface for
IPsec processing.
The IPsec module backup function enables the system to hand the IPsec encryption/decryption tasks to
the IPsec module.
The IPsec processing capability of these three methods in descending order is: the encryption card, the
encryption engine, and the failover to CPU or encryption engine.
The IPsec processing workflow is as follows:
•
If an encryption card is bound with the IPsec policy, IPsec processing is performed by the card as
long as it works properly. If the encryption card fails, the matching packets are discarded.
•
If no encryption card is bound to the IPsec policy, the following guidelines apply:
{
If the encryption engine is enabled, the engine processes the IPsec packets.
{
If the encryption engine cannot be used and the IPsec module backup function is enabled, the
IPsec module processes the IPsec packets.
{
If the encryption engine and IPsec module backup function are disabled, the matching packets
are discarded.
To set an encryption card for a device:
1.
Click the Service tab.
2.
From the navigation tree, select IPsec VPN Manager > IPsec Resources > IPsec Devices.
The IPsec Device List displays all IPsec devices.
3.
Click the Operation icon
for the IPsec device for which you want to set the encryption card.
4.
Select Set Encryption Cards from the shortcut menu.
The Set Encryption Card page appears.