Configuring existing gre over ipsec tunnels, Configuring basic information – H3C Technologies H3C Intelligent Management Center User Manual


- NAT Traversal—Select YES or NO. Only aggressive mode supports NAT traversal.
- IKE Authentication—Select the authentication method, Pre-Shared Key or CA Authentication, used to authenticate the IKE peer. This setting is inherited from the VPN domain and cannot be modified.
- ID Type—Select an ID type, Name or IP, for the IKE peer. If the IKE negotiation mode is Main, you must select IP. If Name is selected, you must specify the Hub IKE Gateway Name and Spoke IKE Gateway Name:
  - Hub IKE Gateway Name—Enter the name of the IKE peer on the hub.
  - Spoke IKE Gateway Name—Enter the name of the IKE peer on the spoke.
- Encapsulation Mode—Select Tunnel or Transport. If NAT traversal is enabled, you must select Tunnel.
- Use Policy Template—Select YES or NO. If you select YES, the hub device only receives negotiation requests from the peer, without initiating IKE negotiation. Use the policy template feature when the IP addresses of spoke devices are unknown.

2. Click OK to apply the settings.
3. Click Back and configure other tunnels in the same way.
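
The settings above depend on one another, and this page notes that the negotiation mode and NAT traversal can be set only when the tunnel is added, so it is worth checking a planned tunnel before entering it. The following is an added example, not part of the H3C manual or of IMC; the class, field names, and the `spoke_ip_known` flag are hypothetical and only mirror the GUI labels.

```python
from dataclasses import dataclass

@dataclass
class TunnelPlan:
    """Planned tunnel settings; field names are hypothetical and mirror the GUI labels."""
    ike_mode: str                 # "Main" or "Aggressive"
    nat_traversal: bool
    id_type: str                  # "Name" or "IP"
    encapsulation: str            # "Tunnel" or "Transport"
    hub_ike_name: str = ""
    spoke_ike_name: str = ""
    use_policy_template: bool = False
    spoke_ip_known: bool = True   # assumption: the planner records this

def check_plan(p: TunnelPlan) -> list[str]:
    """Return every dependency from the settings list that the plan violates."""
    problems = []
    if p.nat_traversal and p.ike_mode != "Aggressive":
        problems.append("NAT Traversal=YES requires Aggressive mode")
    if p.nat_traversal and p.encapsulation != "Tunnel":
        problems.append("NAT Traversal=YES requires Encapsulation Mode=Tunnel")
    if p.ike_mode == "Main" and p.id_type != "IP":
        problems.append("Main mode requires ID Type=IP")
    if p.id_type == "Name":
        for label, value in (("Hub", p.hub_ike_name), ("Spoke", p.spoke_ike_name)):
            if not value.strip():
                problems.append(f"ID Type=Name requires {label} IKE Gateway Name")
    # The page recommends the policy template when spoke addresses are unknown.
    if not p.spoke_ip_known and not p.use_policy_template:
        problems.append("Spoke IP unknown: set Use Policy Template=YES")
    return problems

# Constructed sample plans (not taken from any real deployment).
BAD = TunnelPlan("Main", True, "Name", "Transport", hub_ike_name="hub1",
                 spoke_ip_known=False)
GOOD = TunnelPlan("Aggressive", True, "Name", "Tunnel", "hub1", "spoke1",
                  use_policy_template=True, spoke_ip_known=False)

if __name__ == "__main__":
    for name, plan in (("BAD", BAD), ("GOOD", GOOD)):
        issues = check_plan(plan)
        print(name, "OK" if not issues else issues)
```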

Configuring existing GRE over IPsec tunnels

To configure an existing GRE over IPsec tunnel:

1. Click the Service tab.
2. From the navigation tree, select IPsec VPN Manager > IPsec Resources > VPN Domains.
3. Click a VPN domain name to enter the VPN domain page.
4. Click the Configuration icon for an existing GRE over IPsec tunnel.
5. Configure the existing GRE over IPsec tunnel in the following tab pages:
   - Basic Information
   - Device Parameters
   - Security Proposals
   - Spoke Additional Settings
   - Hub Advanced Settings
   - Spoke Advanced Settings
   - GRE Settings

Configuring basic information

1. Configure the following settings in the Basic Information page:
   - IKE Negotiation Mode—Main or Aggressive mode for phase-1 IKE negotiation. This setting cannot be modified here. You can set it only when you add the tunnel.
   - NAT Traversal—YES or NO. Only aggressive mode supports NAT traversal. This setting cannot be modified here. You can set it only when you add the tunnel.
   - IKE Authentication—Pre-Shared Key or CA Authentication, used to authenticate the IKE peer. The authentication key is also displayed for Pre-Shared Key.
   - ID Type—Name or IP. If the ID type is Name, the IKE peer names on the hub and spoke are also displayed.
