Setting super password control parameters – H3C Technologies H3C S12500-X Series Switches User Manual
Page 167
155
Step Command
Remarks
4.
Specify the keychain for
pre-shared key
authentication.
keychain keychain-name
By default, no IKE keychain is
specified for an IKE profile.
5.
Specify the IKE negotiation
mode for phase 1.
•
In non-FIPS mode:
exchange-mode { aggressive |
main }
•
In FIPS mode:
exchange-mode main
By default, the main mode is
used during IKE negotiation
phase 1.
6.
Specify the IKE proposals for
the IKE profile to reference.
proposal proposal-number&<1-6>
By default, an IKE profile
references no IKE proposals
and uses the IKE proposals
configured in system view for
IKE negotiation.
7.
Configure the local ID.
local-identity { address { ipv4-address
| ipv6 ipv6-address } | dn | fqdn
[ fqdn-name ] | user-fqdn
[ user-fqdn-name ] }
By default, no local ID is
configured for an IKE profile,
and an IKE profile uses the local
ID configured in system view. If
the local ID is not configured in
system view, the IKE profile uses
the IP address of the interface to
which the IPsec policy is
applied as the local ID.
8.
(Optional.) Configure IKE
DPD.
dpd interval interval-seconds [ retry
seconds ] { on-demand | periodic }
By default, the IKE DPD function
is not configured for an IKE
profile and an IKE profile uses
the DPD settings configured in
system view. If the IKE DPD
function is not configured in
system either, the device does
not perform dead IKE peer
detection.
9.
(Optional.) Specify the local
interface or IP address to
which the IKE profile can be
applied.
match local address { interface-type
interface-number | { ipv4-address |
ipv6 ipv6-address } [ vpn-instance
vpn-name ] }
By default, an IKE profile can be
applied to any local interface or
IP address.
10.
(Optional.) Specify an inside
VPN instance.
inside-vpn vpn-instance vpn-name
By default, no inside VPN
instance is specified for an IKE
profile, and the device forwards
protected data to the VPN
instance with the same name as
the VPN instance on the
external network.
11.
(Optional.) Specify a priority
for the IKE profile.
priority number
By default, the priority of an IKE
profile is 100.
- H3C S5560 Series Switches H3C WX6000 Series Access Controllers H3C WX5000 Series Access Controllers H3C WX3000 Series Unified Switches H3C LSWM1WCM10 Access Controller Module H3C LSWM1WCM20 Access Controller Module H3C LSQM1WCMB0 Access Controller Module H3C LSRM1WCM2A1 Access Controller Module H3C LSBM1WCM2A0 Access Controller Module H3C S9800 Series Switches H3C S5130 Series Switches H3C S5120 Series Switches