Deleting ipsec proposals, Modifying ike proposals, Configuring an ike proposal – H3C Technologies H3C Intelligent Management Center User Manual

Page 181

Advertising
background image

171

{

AH Authentication—This parameter appears only when AH or AH + ESP is selected for Security

Protocol. Select the authentication algorithm to be used by the AH security protocol. Options
are MD5 and SHA1.

{

ESP Authentication—This parameter appears only when ESP or AH + ESP is selected for
Security Protocol. Select the authentication algorithm to be used by the ESP security protocol.

Options are MD5, SHA1, and None.

{

ESP Encryption—This parameter appears only when ESP or AH + ESP is selected for Security
Protocol. Select the encryption algorithm to be used by the ESP security protocol. Options are

None, DES, 3DES, AES(128), AES(192), and AES(256).

3.

Click OK.

Deleting IPsec proposals

1.

Select one or more IPsec proposals you want to delete.

2.

Click Delete in the IPsec Proposal area.
A confirmation dialog box appears.

3.

Click OK.

Modifying IKE proposals

You can modify the IKE proposals of the GRE over IPsec VPN domain only when the Configure IPsec and
IKE option is selected on the Basic Settings tab.
To modify the IKE proposals for the IPsec VPN domain:

1.

Click the Security Proposals tab.
The IKE Proposal list displays all the IKE proposals.

2.

You can configure an IKE proposal, modify an existing IKE proposal, and delete IKE proposals for
the IPsec VPN domain.

Configuring an IKE proposal

1.

Click Add in the IKE Proposal area.
The Add IKE Proposal page appears.

2.

Specify the IKE proposal number in the Proposal Num. field.
You can configure the IKE proposal through step 3 or import an IKE proposal template through step
4.

3.

Configure an IKE proposal:

a.

Configure the following parameters:

IKE Authentication—Select the authentication method used by IKE peers. Options are
Pre-Shared Key and CA Authentication.

Encryption Algorithm—Select the encryption algorithm used by the IKE proposal. Options
are DES, 3DES, AES(128), AES(192), and AES(256).

Authentication Algorithm—Select the authentication algorithm used by the IKE proposal.
Options are MD5 and SHA-1.

DH Group ID—Select the DH group identifier used by the IKE proposal. Options are DH
Group 1, DH Group 2, DH Group 5, and DH Group 14.

ISAKMP SA Life Time—Specify how long each ISAKMP SA should exist, in seconds.

b.

Click OK.

Advertising
Popular Brands
Popular manuals