Configuring device parameters – H3C Technologies H3C Intelligent Management Center User Manual


Configuring device parameters

The Device Parameters page provides CA domain and protected traffic flow settings.

A CA domain includes certificate and certificate server settings and it is manually configured on the hub and spoke. IVM obtains the CA domain by reading device configuration. Configure CA domains for the hub and spoke only when the IKE authentication method is CA.

You can set ACLs to classify traffic flows by IP, TCP, and UDP. IVM assigns the ACLs to devices to match traffic. The matching traffic flows are protected by IPsec and are called protected traffic flows.

1. Configure a CA domain for the hub and spoke:
   a. Select a CA domain for the hub from the Hub CA Domain list.
   b. Select a CA domain for the spoke from the Spoke CA Domain list.
   c. Click OK.

2. Click Add to add a protected traffic flow.
   A window appears.

3. Select IP, TCP, or UDP from the Protocol list.
   To configure a protected IP traffic flow, perform step 4. To configure a protected TCP/UDP traffic flow, perform step 5.

4. Configure a protected IP traffic flow:
   a. Enter the protected hub subnet address and mask in the Hub Subnet Address and Hub Subnet Mask boxes.
   b. Enter the protected spoke subnet address and mask in the Spoke Subnet Address and Spoke Subnet Mask boxes.

5. Configure a protected TCP/UDP traffic flow:
   a. Enter the protected hub subnet address and mask in the Hub Subnet Address and Hub Subnet Mask boxes.
   b. Select an Equals, Less than, Greater than, Not equal to, or Range operator from the Operator list. If you leave it empty, the hub will not match port numbers.
   c. Enter the port number. If the operator is Range, enter the start and end ports in the Port Number Start Port and Port Number End Port boxes.
   d. Enter the protected spoke subnet address and mask in the Spoke Subnet Address and Spoke Subnet Mask boxes.
   e. Select an Equals, Less than, Greater than, Not equal to, or Range operator from the Operator list. If you leave it empty, the spoke will not match port numbers.
   f. Enter the port number. If the operator is Range, enter the start and end ports in the Port Number Start Port and Port Number End Port boxes.

6. Click OK.
   To delete a protected flow, select the protected flow, and click Delete.

7. View the Protected Traffic Flows.
   Protected Traffic Flows list
   • Protocol—IP, TCP, or UDP.
   • IP Address/Mask at the Hub Side—Hub network protected by IPsec.
   • Operator—Operator used to match TCP and UDP ports on the hub. Operators include Equals, Less than, Greater than, Not Equals, and Range.
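
A way to check, before deployment, which traffic a set of protected traffic flows leaves outside IPsec. This is an added example, not code from the manual or from IVM. It models the fields in steps 3 to 5 and assumes the hub side is the packet source, the spoke side is the destination, masks are dotted netmasks, and Less than / Greater than are strict comparisons. All addresses and ports are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

OPS = {"Equals": lambda p, a: p == a[0], "Not equal to": lambda p, a: p != a[0],
       "Less than": lambda p, a: p < a[0], "Greater than": lambda p, a: p > a[0],
       "Range": lambda p, a: a[0] <= p <= a[1]}

@dataclass
class Side:
    subnet: str                      # Subnet Address box
    mask: str                        # Subnet Mask box (dotted netmask assumed)
    operator: Optional[str] = None   # None models an Operator list left empty
    ports: Tuple[int, ...] = ()      # (port,) or (start, end) for Range

    def matches(self, ip, port, check_ports):
        net = ipaddress.ip_network(f"{self.subnet}/{self.mask}", strict=False)
        if ipaddress.ip_address(ip) not in net:
            return False
        if not check_ports or self.operator is None:
            return True              # IP flow or empty operator: ports ignored
        return port is not None and OPS[self.operator](port, self.ports)

@dataclass
class Flow:
    protocol: str                    # "IP", "TCP" or "UDP"
    hub: Side
    spoke: Side

    def protects(self, proto, src, sport, dst, dport):
        # Assumption: hub side is the packet source, spoke side the destination.
        ports = self.protocol in ("TCP", "UDP")
        if ports and self.protocol != proto:
            return False
        return self.hub.matches(src, sport, ports) and self.spoke.matches(dst, dport, ports)

def unprotected(flows, packets):
    """Packets matched by no flow, i.e. traffic that would not be protected by IPsec."""
    return [p for p in packets if not any(f.protects(*p) for f in flows)]

# Constructed sample flows and packets (not taken from the manual).
HUB = ("10.1.0.0", "255.255.0.0")
FLOWS = [Flow("TCP", Side(*HUB), Side("10.2.1.0", "255.255.255.0", "Range", (8000, 8100))),
         Flow("UDP", Side(*HUB), Side("10.2.1.0", "255.255.255.0", "Equals", (53,)))]
PACKETS = [("TCP", "10.1.5.9", 40000, "10.2.1.20", 8080),   # inside the Range
           ("TCP", "10.1.5.9", 40001, "10.2.1.20", 22),     # port outside the Range
           ("UDP", "10.1.5.9", 5353, "10.2.1.20", 53),      # Equals 53
           ("UDP", "10.1.5.9", 5353, "10.3.0.7", 53)]       # spoke subnet mismatch
print("not protected:", unprotected(FLOWS, PACKETS))
```

Packets reported as not protected match no flow in this model, so they are the ones to review against the intended policy.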