H3C Technologies H3C S6300 Series Switches User Manual

IPsec configuration examples (page 238)
Configuring a manual mode IPsec tunnel for IPv4 packets (page 238)
Configuring an IKE-based IPsec tunnel for IPv4 packets (page 241)
Configuring IPsec for RIPng (page 243)
Configuring IKE (page 247)
Overview (page 247)
IKE negotiation process (page 247)
IKE security mechanism (page 248)
Protocols and standards (page 249)
FIPS compliance (page 249)
IKE configuration prerequisites (page 249)
IKE configuration task list (page 249)
Configuring an IKE profile (page 250)
Configuring an IKE proposal (page 252)
Configuring an IKE keychain (page 253)
Configuring the global identity information (page 254)
Configuring the IKE keepalive function (page 255)
Configuring the IKE NAT keepalive function (page 256)
Configuring IKE DPD (page 256)
Enabling invalid SPI recovery (page 257)
Setting the maximum number of IKE SAs (page 257)
Configuring SNMP notifications for IKE (page 258)
Displaying and maintaining IKE (page 258)
IKE configuration examples (page 259)
Main mode IKE with pre-shared key authentication configuration example (page 259)
Verifying the configuration (page 261)
Troubleshooting IKE (page 261)
IKE negotiation failed because no matching IKE proposals were found (page 261)
IKE negotiation failed because no IKE proposals or IKE keychains are referenced correctly (page 262)
IPsec SA negotiation failed because no matching IPsec transform sets were found (page 263)
IPsec SA negotiation failed due to invalid identity information (page 263)
Configuring SSH (page 266)
Overview (page 266)
How SSH works (page 266)
SSH authentication methods (page 267)
FIPS compliance (page 268)
Configuring the device as an SSH server (page 269)
SSH server configuration task list (page 269)
Generating local key pairs (page 269)
Enabling the SSH server (page 270)
Enabling the SFTP server (page 270)
Configuring NETCONF over SSH (page 271)
Configuring the user lines for SSH login (page 271)
Configuring a client's host public key (page 272)
Configuring an SSH user (page 273)
Setting the SSH management parameters (page 274)
Configuring the device as an Stelnet client (page 275)
Stelnet client configuration task list (page 275)
Specifying the source IP address for SSH packets (page 275)
Establishing a connection to an Stelnet server (page 276)
Configuring the device as an SFTP client (page 278)
SFTP client configuration task list (page 278)
Specifying the source IP address for SFTP packets (page 278)