Configuring gre settings, Configuring an ipsec proposal – H3C Technologies H3C Intelligent Management Center User Manual

Page 88

Advertising
background image

78

If you select YES, the hub device only responds to negotiation requests from peers, without

initiating IKE negotiation. The IPsec policy template feature applies to the scenario where the IP
addresses of spoke devices are unknown.

7.

Select the PFS option, and select DH Group 1, DH Group 2, DH Group 5, DH Group 14, or Disable
from the list.

8.

Select YES or NO in the Set IPsec SA Lifetime field.
If you select YES, set the Time(s) and Traffic(KB). Time(s) specifies the lifetime (in seconds) of the
IPsec SA. Traffic(KB) specifies the maximum traffic (in KB) that the IPsec SA can process. When

either the time or traffic condition is met, a new IPsec SA is negotiated.

Configuring GRE settings

1.

Enter the GRE keepalive interval in the Keepalive(sec) box.

2.

Enter the maximum number of keepalive attempts in the Transmission Attempts box.

3.

Select the Packet Checksum option to enable GRE packet checksum.

4.

Enter the GRE tunnel interface key in the Tunnel Interface Key box.
IVM applies the key to the tunnel-end devices.

5.

Click Next to configure security proposals or click Accomplish to skip security proposals
configuration.

Configuring an IPsec proposal

1.

Click Add in the IPsec Proposal area.

2.

Enter a name for the IPsec proposal.
You can configure the IPsec proposal through step 3, or import an IPsec proposal template through
step 4.

3.

Configure the IPsec proposal:

a.

Select AH, ESP, or AH+ESP from the Security Protocol list.

b.

Select MD5 or SHA1 from the AH AuthN list.
Configure this setting when the security protocol is AH or AH+ESP.

c.

Select MD5, SHA1, or None from the ESP AuthN list.
Configure this setting when the security protocol is ESP or AH+ESP.

d.

Select None, DES, 3DES, AES(128), AES(192), or AES(256) from the ESP Encrpt list.
Configure this setting only when the security protocol is ESP or AH+ESP.

e.

Click OK.
The Encapsulation mode cannot be modified when you configure the IPsec proposal. For
information about modifying this parameter, see "

Configuring default IPsec and IKE settings

."

4.

Import an IPsec proposal template:

a.

Click the Import icon

next to the proposal name.

The Query IPsec Proposals window appears. This window automatically filters IPsec proposal
templates that do not match the Encapsulation mode set in "

Configuring default IPsec and IKE

settings

."

You can add, modify, and delete IPsec proposal templates in IPsec Proposals. For more
information about IPsec proposal templates, see "

Managing IPsec proposals

."

b.

Enter the name of the IPsec proposal template you want to query, and click Query.

Advertising
Popular Brands
Popular manuals