Modifying a DVPN security configuration – H3C Technologies H3C Intelligent Management Center User Manual


To be considered a match, two IKE proposals must have the same encryption algorithm, authentication method, authentication algorithm, and DH group. The ISAKMP SA lifetime takes the smaller one of the two proposals' SA lifetime settings.

Modifying a DVPN security configuration

1. Click the Service tab.

2. From the navigation tree, select IPsec VPN Manager > DVPN Security Configuration.
The DVPN Security Configuration page appears.

3. Select a security level. Options are High, Medium, and Low.
The DVPN security configuration template contents vary with security levels. This example uses a DVPN security configuration with a High security level.
For a description of the security parameters in the DVPN security configuration, see "Viewing the DVPN security configuration list."

4. Modify the following parameters for the DVPN security configuration:
VAM Security Parameters area

- Key Type—Select how the VAM pre-shared key is displayed in the device configuration file, Plaintext or Ciphertext.

- Pre-Shared Key—Enter the pre-shared key.

- Authentication Algorithm—Select the authentication algorithm used by the VAM server and client. Options are None, MD5, MD5 SHA1 (MD5 first, and then SHA1), SHA1, and SHA1 MD5 (SHA1 first, and then MD5).

- Encryption Algorithm—Select the encryption algorithms.
Select the desired encryption algorithm from the Available Encryption Algorithm list, and click the Add Selected icon to add it to the Selected Encryption Algorithm list. To remove one or more encryption algorithms, select them and click the Remove Selected icon. To select all the available encryption algorithms, click the Select All icon. To remove all the selected encryption algorithms, click the Remove All icon. An empty field indicates the VAM protocol packets are not encrypted. The selected encryption algorithms are listed in descending order of priority. Click the Move up icon and Move down icon, Top icon and Bottom icon to adjust the priorities of the encryption algorithms.

- Client AuthN Method—Select the authentication method used by the VAM server to authenticate the client. Options are PAP, CHAP, and None. PAP transmits passwords in plain text, and CHAP transmits passwords in cipher text. CHAP is more secure than PAP.

- Keepalive Interval (s)—Specify the interval at which the VAM client sends keepalive packets to the VAM server.

- Keepalive Retries—Specify the maximum number of times a VAM client can send a keepalive packet to the VAM server before receiving a response.

IPsec Parameters area

- Key Type—Select how the pre-shared key used by the IKE peers for identity authentication is displayed in the device configuration file, Plaintext or Ciphertext.

- Pre-Shared Key—Enter the pre-shared key.

- Negotiation Mode—Select the IKE negotiation mode for phase 1, Main or Aggressive.
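
As an added example (not from the H3C manual or from IMC itself), the following Python check flags parameter choices described above that weaken a DVPN security configuration. The dictionary layout and the algorithm name "AES-128" are assumptions for illustration, with keys that mirror the GUI labels; the Aggressive mode finding reflects general IKEv1 behavior rather than anything stated on this page.

```python
# Added example; the dict layout is hypothetical, keys mirror the GUI field labels.
def audit_dvpn_config(cfg):
    """Return (area, field, reason) tuples for settings that weaken protection."""
    findings = []
    vam = cfg.get("VAM Security Parameters", {})
    ipsec = cfg.get("IPsec Parameters", {})

    # Key Type controls how the pre-shared key appears in the device config file.
    for area, params in (("VAM", vam), ("IPsec", ipsec)):
        if params.get("Key Type") == "Plaintext":
            findings.append((area, "Key Type",
                             "pre-shared key readable in the device configuration file"))
    # A missing value is treated like None: nothing was selected.
    if vam.get("Authentication Algorithm", "None") == "None":
        findings.append(("VAM", "Authentication Algorithm",
                         "no authentication algorithm between VAM server and client"))
    # An empty Selected Encryption Algorithm list means no VAM encryption.
    if not vam.get("Encryption Algorithm"):
        findings.append(("VAM", "Encryption Algorithm",
                         "VAM protocol packets are not encrypted"))
    method = vam.get("Client AuthN Method", "None")
    if method == "PAP":
        findings.append(("VAM", "Client AuthN Method",
                         "PAP transmits passwords in plain text; use CHAP"))
    elif method == "None":
        findings.append(("VAM", "Client AuthN Method",
                         "VAM clients are not authenticated"))

    # Not stated on this page: IKEv1 aggressive mode does not protect peer identities.
    if ipsec.get("Negotiation Mode") == "Aggressive":
        findings.append(("IPsec", "Negotiation Mode",
                         "aggressive mode exchanges identities unprotected; prefer Main"))
    return findings

# Constructed sample inputs ("AES-128" is a placeholder algorithm name).
WEAK = {
    "VAM Security Parameters": {"Key Type": "Plaintext", "Authentication Algorithm": "None",
                                "Encryption Algorithm": [], "Client AuthN Method": "PAP"},
    "IPsec Parameters": {"Key Type": "Plaintext", "Negotiation Mode": "Aggressive"},
}
STRICT = {
    "VAM Security Parameters": {"Key Type": "Ciphertext", "Authentication Algorithm": "SHA1",
                                "Encryption Algorithm": ["AES-128"], "Client AuthN Method": "CHAP"},
    "IPsec Parameters": {"Key Type": "Ciphertext", "Negotiation Mode": "Main"},
}

if __name__ == "__main__":
    for area, field, reason in audit_dvpn_config(WEAK):
        print(f"[{area}] {field}: {reason}")
```
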
