Modifying an ike proposal, Deleting ike proposals, Managing dvpn security configuration – H3C Technologies H3C Intelligent Management Center User Manual
Page 49
39
{
ISAKMP SA Lifetime—ISAKMP SA lifetime in seconds. The value range is 60 to 604800 and the
default is 86400. Since DH computation can be time-consuming for low-end devices, , HP
recommends that you set the ISAKMP SA lifetime to no less than 600 seconds.
{
Comments—Enter a description for the IKE proposal.
5.
Click OK.
The newly added IKE proposal is saved in IVM and can be referenced by IKE profiles.
Modifying an IKE proposal
1.
Click the Service tab.
2.
From the navigation tree, select IPsec VPN Manager > Security Proposals > IKE proposals.
The IKE Proposal List displays all IKE proposals.
3.
Click the Modify icon
of the IKE proposal you want to modify.
The Modify IKE Proposal page appears.
4.
Modify the IKE proposal settings.
5.
Click OK.
NOTE:
Modifying an IKE proposal affect only ISAKMP SAs negotiated after the changes.
Deleting IKE proposals
1.
Click the Service tab.
2.
From the navigation tree, select IPsec VPN Manager > Security Proposals > IKE proposals.
The IKE Proposal List displays all IKE proposals.
3.
Select the IKE proposals you want to delete.
4.
Click Delete.
A confirmation dialog box appears.
5.
Click OK.
NOTE:
Deleting an IKE proposal does not affect any existing SAs negotiated using the proposal.
Managing DVPN security configuration
DVPN security configurations are divided into three security levels: high, medium, and low. Each severity
level contains a set of VAM (VPN Address Management) and IPsec parameters for constructing DVPN
networks. You can view and modify a DVPN security configuration template.
The following sections describe the parameters in a DVPN security configuration.