H3C Technologies H3C SecPath F1000-E User Manual

Table of Contents

IPsec Configuration

IPsec Overview

Implementation of IPsec

Basic Concepts of IPsec

IPsec Tunnel Interface

IPsec for IPv6 Routing Protocols

Protocols and Standards

Configuring IPsec

Implementing ACL-Based IPsec

IPsec Configuration Task List

Configuring ACLs

Configuring an IPsec Proposal

Configuring an IPsec Policy

Applying an IPsec Policy Group to an Interface

Enabling the Encryption Engine

Enabling the IPsec Module Backup Function

Configuring the IPsec Session Idle Timeout

Enabling ACL Checking of De-Encapsulated IPsec Packets

Configuring the IPsec Anti-Replay Function

Configuring Packet Information Pre-Extraction

Implementing Tunnel Interface-Based IPsec

IPsec Configuration Task List

Configuring an IPsec Profile

Configuring an IPsec Tunnel Interface

Applying a QoS Policy to an IPsec Tunnel Interface

Configuring IPsec for IPv6 Routing Protocols

Displaying and Maintaining IPsec

IPsec Configuration Examples

Example for Establishing an IPsec Tunnel in Manual Mode

Example for Establishing an IPsec Tunnel in IKE Negotiation Mode

Example for Configuring IPsec with IPsec Tunnel Interfaces

Example for Configuring IPsec for RIPng

IKE Configuration

IKE Overview

Security Mechanism of IKE

Operation of IKE

Functions of IKE

Relationship Between IKE and IPsec

Protocols and Standards

IKE Configuration Task List

Configuring a Name for the Local Security Gateway

Configuring an IKE Proposal

Configuring an IKE Peer

Setting Keepalive Timers

Setting the NAT Keepalive Timer

Configuring a DPD

Disabling Next Payload Field Checking

Displaying and Maintaining IKE