beautypg.com

H3C Technologies H3C MSR 50 User Manual

Page 388


3. Perform basic connection configurations as described in Table 157.

Table 157 Configuration items

Item Description

IPsec Connection Name

Enter a name for the IPsec connection.

Interface

Select an interface where IPsec is performed.

Network Type

Select a network type, site-to-site or PC-to-site.

Remote Gateway Address/Hostname

Enter the address of the remote gateway, which can be an IP address or a host name.

The IP address can be a host IP address or an IP address range. If the local end is the initiator of IKE negotiation, it can have only one remote IP address and its remote IP address must match the local IP address configured on its peer. If the local end is the responder of IKE negotiation, it can have more than one remote IP address and one of its remote IP addresses must match the local IP address configured on its peer.

The remote host name uniquely identifies the remote gateway in the network, and can be resolved into an IP address by the DNS server. The local end can be the initiator of IKE negotiation when the host name is specified.

Local Gateway Address

Enter the IP address of the local gateway. By default, it is the primary IP address of the interface where the IPsec connection is set up.

IMPORTANT:

Configure this item when you want to specify a special address (a loopback interface address, for example) for the local gateway. The name or IP address of the remote gateway is required for an initiator so that the initiator can find the remote peer in negotiation.

Authentication Method

Select the authentication method to be used by the IKE negotiation. Options include:

Pre-Shared-Key—Uses the pre-shared key method. If this option is selected, enter the key in the Key field and enter the same key in the Confirm Key field.

Certificate—Uses the digital signature method. If this option is selected, select a certificate from the list. Available certificates are configured in the certificate management.

Remote ID Type

Select the remote ID type for IKE negotiation phase 1. Options include:

IP Address—Uses an IP address as the ID in IKE negotiation.

FQDN—Uses a Fully Qualified Domain Name (FQDN) type of a gateway name as the ID in IKE negotiation. If this option is selected, the remote gateway ID is required.

IMPORTANT:

If the IKE negotiation initiator uses the FQDN or user FQDN ID type of the security gateway as the ID for IKE negotiation, it sends its gateway ID to the peer, and the peer uses the locally configured remote gateway ID to authenticate the initiator. Make sure that the remote gateway ID
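
The remote gateway address and remote ID rules from Table 157 can be checked against both ends of a planned connection before the values are entered. The following Python is an added example, not code from the manual or from H3C. The field names, the 'start-end' notation for an IP address range, and the reading that a range does not count as "only one remote IP address" are assumptions, and the sample addresses are constructed.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class Endpoint:
    """One end of the connection; all field names here are hypothetical."""
    name: str
    role: str                  # "initiator" or "responder" of IKE negotiation
    local_gateway: str         # Local Gateway Address
    remote_gateways: list = field(default_factory=list)  # IPs, ranges or a host name
    remote_id_type: str = "ip"     # "ip" or "fqdn"
    remote_gateway_id: str = ""    # needed when remote_id_type is "fqdn"

def parse_entry(entry):
    """Return (low, high) for an IP or an assumed 'start-end' range, None for a host name."""
    low, _, high = entry.partition("-")
    try:
        lo = ipaddress.ip_address(low.strip())
        hi = ipaddress.ip_address(high.strip()) if high else lo
    except ValueError:
        return None  # not an address: a host name that DNS resolves at run time
    return lo, hi

def check(local, peer):
    """List the Table 157 rules that `local` breaks, given the peer's settings."""
    problems = []
    parsed = [parse_entry(e) for e in local.remote_gateways]
    if local.role == "initiator":
        one = len(parsed) == 1 and (parsed[0] is None or parsed[0][0] == parsed[0][1])
        if not one:
            problems.append(f"{local.name}: initiator needs exactly one remote IP or host name")
    peer_ip = ipaddress.ip_address(peer.local_gateway)
    # Host names cannot be checked offline, so matching is skipped if any entry is one.
    if parsed and None not in parsed and not any(lo <= peer_ip <= hi for lo, hi in parsed):
        problems.append(f"{local.name}: no remote address matches peer local address {peer_ip}")
    if local.remote_id_type == "fqdn" and not local.remote_gateway_id:
        problems.append(f"{local.name}: FQDN remote ID type requires a remote gateway ID")
    return problems

# Constructed sample values (documentation address ranges), not taken from the manual.
BRANCH = Endpoint("branch", "initiator", "192.0.2.10", ["198.51.100.1"])
HQ = Endpoint("hq", "responder", "198.51.100.1", ["192.0.2.1-192.0.2.50", "203.0.113.7"])

if __name__ == "__main__":
    for local, peer in ((BRANCH, HQ), (HQ, BRANCH)):
        print(local.name, check(local, peer) or "ok")
```
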
