Configuring security proposals – H3C Technologies H3C Intelligent Management Center User Manual

Page 137

Advertising
background image

127

d.

Click OK.

To modify the hub subnet, click the Modify icon

and enter new settings in the window.

To delete the hub subnet, select it and click Delete.

4.

Add a spoke subnet:

a.

Click Add in the Spoke Subnet area.
A window appears.

b.

Enter the spoke subnet address in the IP box.

c.

Enter the mask of the spoke subnet address in the Mask box.

d.

Click OK.

To modify the spoke subnet, click the Modify icon

and enter new settings.

To delete the spoke subnet, select it and click Delete.

Configuring security proposals

The Security Proposals page provides IPsec and IKE proposals settings. When you add a GRE over IPsec
tunnel, the tunnel inherits the IPsec and IKE proposals settings of the VPN domain. After you add the GRE

over IPsec tunnel, you can add, modify, and delete IPsec and IKE proposals settings for the tunnel in the

Security Proposals page.
To configure an IPsec proposal for the tunnel:

1.

Click Add in the IPsec Proposals area to add an IPsec proposal.

2.

Enter names for Hub Proposal and Spoke Proposal.
Use one of the following methods to configure an IPsec proposal:

{

Configure an IPsec proposal manually through step 3.

{

Import an IPsec proposal template through step 4.

{

Import an IPsec proposal that has been configured on a hub device in the current VPN domain
through step 5.

3.

Configure an IPsec proposal manually:

a.

Select AH, ESP, or AH+ESP from the Security Protocol list.

b.

Select MD5 or SHA1 from the AH AuthN list.
Configure this setting when the security protocol is AH or AH+ESP.

c.

Select MD5, SHA1, or None from the ESP AuthN list.
Configure this setting when the security protocol is ESP or AH+ESP.

d.

Select None, DES, 3DES, AES(128), AES(192), or AES(256) from the ESP Encrpt list.
Configure this setting only when the security protocol is ESP or AH+ESP.

e.

.Go to step 6.

4.

Import an IPsec proposal template:

a.

Click the import icon

next to the hub proposal name.

The Select IPsec Proposals window appears. This window automatically filters IPsec proposal
templates that do not match the Encapsulation mode set in "

Configuring default IPsec and IKE

settings

."

You can add, modify, and delete IPsec proposal templates in IPsec Proposals. For more
information about IPsec proposal templates, see "

Managing IPsec proposals

."

Advertising
Popular Brands
Popular manuals