Configuring ipsec tunnels, Configuring existing ipsec tunnels – H3C Technologies H3C Intelligent Management Center User Manual

Configuring IPsec tunnels

You can configure an IPsec tunnel when you add it, or modify an existing IPsec tunnel. The two configuration methods have different configurable parameters.

When you add an IPsec tunnel, you can let the tunnel inherit the basic settings and security proposals of the VPN domain, or you can modify the basic settings for the tunnel. After you add the tunnel, you cannot modify the basic settings for the tunnel.

When you add an IPsec tunnel, four tab pages are available in the IPsec tunnel configuration page. When you modify an existing IPsec tunnel, two more tab pages are available in the IPsec tunnel configuration page: Hub Advanced Settings and Spoke Advanced Settings.

This section only describes the basic settings that you can modify when you add an IPsec tunnel. For other tunnel settings, see "Configuring existing IPsec tunnels."

To configure an IPsec tunnel:

1. Click the Device Parameters icon for a tunnel to enter the IPsec tunnel configuration page, which includes four tab pages:

   - Basic Information
   - Device Parameters
   - Security Proposals
   - Spoke Additional Settings

   The Basic Information tab provides the following basic settings:

   - IKE Negotiation Mode—Select Main or Aggressive mode for phase-1 IKE negotiation.
   - NAT Traversal—Select YES or NO. Only aggressive mode supports NAT traversal.
   - IKE Authentication—Select the authentication method Pre-Shared Key or CA Authentication used to authenticate the IKE peer. This setting is inherited from the VPN domain and can be modified.
   - ID Type—Select an ID type Name or IP for the IKE peer. If the IKE negotiation mode is Main, you must select IP.
   - Encapsulation Mode—Select Tunnel or Transport. If NAT traversal is enabled, you must select Tunnel.
   - Use Policy Template—Select YES or NO. If you select YES, the hub device only responds to negotiation requests from the peer, without initiating IKE negotiation. Use the policy template feature when the IP addresses of spoke devices are unknown.

2. Click OK to apply the settings.

3. Click Back and configure other tunnels in the same way.
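Because the basic settings cannot be modified after the tunnel is added, it helps to check a planned set of values against the dependency rules listed above before entering them. The following is an added example, not part of the H3C manual or product: the dictionary layout, the field names, and the function name check_basic_settings are assumptions, and the sample plans are constructed.

```python
# Added example: value spellings mirror the Basic Information tab described
# above; the field names and dict layout are assumptions, not an IMC API.
ALLOWED = {
    "ike_negotiation_mode": {"Main", "Aggressive"},
    "nat_traversal": {"YES", "NO"},
    "ike_authentication": {"Pre-Shared Key", "CA Authentication"},
    "id_type": {"Name", "IP"},
    "encapsulation_mode": {"Tunnel", "Transport"},
    "use_policy_template": {"YES", "NO"},
}

def check_basic_settings(s):
    """Return a list of problems; an empty list means the plan is consistent."""
    problems = []
    for field, allowed in ALLOWED.items():
        if field not in s:
            problems.append(f"{field}: missing")
        elif s[field] not in allowed:
            problems.append(f"{field}: {s[field]!r} not one of {sorted(allowed)}")
    if problems:
        return problems  # the dependency rules below need well-formed values
    mode, nat = s["ike_negotiation_mode"], s["nat_traversal"]
    if nat == "YES" and mode != "Aggressive":
        problems.append("nat_traversal: only Aggressive mode supports NAT traversal")
    if mode == "Main" and s["id_type"] != "IP":
        problems.append("id_type: Main mode requires ID type IP")
    if nat == "YES" and s["encapsulation_mode"] != "Tunnel":
        problems.append("encapsulation_mode: NAT traversal requires Tunnel")
    return problems

# Constructed sample plans (not taken from the manual), in ALLOWED field order.
PLANS = {
    "spoke-behind-nat": dict(zip(ALLOWED, (
        "Aggressive", "YES", "Pre-Shared Key", "Name", "Tunnel", "YES"))),
    "main-with-nat": dict(zip(ALLOWED, (
        "Main", "YES", "Pre-Shared Key", "Name", "Transport", "NO"))),
    "main-static": dict(zip(ALLOWED, (
        "Main", "NO", "CA Authentication", "IP", "Transport", "NO"))),
}

if __name__ == "__main__":
    for name, plan in PLANS.items():
        result = check_basic_settings(plan)
        print(name, "OK" if not result else result)
```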

Configuring existing IPsec tunnels

To configure an existing IPsec tunnel:

1. Click the Service tab.

2. From the navigation tree, select IPsec VPN Manager > IPsec Resources > VPN Domains.

3. Click a VPN domain name to enter the VPN domain page.

4. Click the Device Parameters icon for an existing IPsec tunnel.

5. Configure the existing IPsec tunnel in the following tab pages:
