Configuring global ike parameters, Configuring an ike proposal, Configuring global ike – H3C Technologies H3C WX3000E Series Wireless Switches User Manual

827

Configuring global IKE parameters

1.

From the navigation tree, select VPN > IKE.
The IKE Global Configuration page appears.

Figure 880 IKE global configuration page

2.

Configure global IKE parameters, as described in

Table 269

.

3.

Click Apply.

Table 269 Configuration items

Item

Description

IKE Local Name

Enter a name for the local security gateway.
If the local device acts as the IKE negotiation initiator and uses the ID type of FQDN or the

user FQDN of the security gateway for IKE negotiation, you must configure this
parameter on the local device. Then, the local device sends its gateway name as

identification to its peer and the peer uses the locally configured remote gateway name

to authenticate the local device. Make sure that the local gateway name configured here
is identical to the remote gateway name configured on its peer.
By default, the device name is used as the local gateway name.

NAT Keepalive
Interval

Set the interval at which the ISAKMP SA sends NAT keepalive packets to its peer.
NAT mappings on a NAT gateway may get aged. If no packet traverses an IPsec tunnel
in a certain period of time, the NAT mapping will be deleted, disabling the tunnel beyond

the NAT gateway from transferring data. To prevent NAT mappings from being aged, an

ISAKMP SA sends to its peer NAT keepalive packets at a certain interval to keep the NAT
session alive.

Configuring an IKE proposal

1.

From the navigation tree, select VPN > IKE.

2.

Click the Proposal tab.
The IKE proposal list page appears.