Modifying an ipsec proposal, Deleting ipsec proposals, Managing ike proposals – H3C Technologies H3C Intelligent Management Center User Manual
Page 46: Basic concepts, Authentication method
36
Modifying an IPsec proposal
1.
Click the Service tab.
2.
From the navigation tree, select IPsec VPN Manager > Security Proposals > IPsec Proposals.
The IPsec Proposal List displays all IPsec proposals.
3.
Click the Modify icon
for the IPsec proposal you want to modify.
The Modify IPsec Proposal page appears.
4.
Modify the IPsec proposal settings as needed.
5.
Click OK.
NOTE:
Modifying an IPsec proposal affect only SAs negotiated after the changes.
Deleting IPsec proposals
1.
Click the Service tab.
2.
From the navigation tree, select IPsec VPN Manager > Security Proposals > IPsec Proposals.
The IPsec Proposal List displays all IPsec proposals.
3.
Select the IPsec proposals you want to delete.
4.
Click Delete.
A confirmation dialog box appears.
5.
Click OK.
NOTE:
Deleting an IPsec proposal does not affect any existing SAs negotiated using the IPsec proposal.
Managing IKE proposals
Basic concepts
An IKE proposal defines a set of attributes describing how IKE negotiation should take place, including
the authentication algorithm, the encryption algorithm, DH group, and ISAKMP SA lifetime.
After an IKE proposal is created, it can be referenced by IKE profiles for creating IKE peers.
You can configure multiple IKE proposals for IKE peers. Two peers must have at least one matching IKE
proposal for successful IKE negotiation. The two matching IKE proposals have the same encryption
algorithm, authentication method, authentication algorithm, and DH group. The SA lifetime takes the SA
lifetime with a smaller value of the two.
For more information about encryption and authentication algorithms, see "
Authentication method
The IKE identity authentication mechanism is used to authenticate the identity of the communicating
peers. IVM supports the following identity authentication methods: