
Configuring a name for the local security gateway, Configuring an ike proposal – H3C Technologies H3C SecPath F1000-E User Manual


Determine the strength of the algorithms for IKE negotiation, namely the security protection level, including the identity authentication method, encryption algorithm, authentication algorithm, and DH group. Different algorithms provide different levels of protection. A stronger algorithm is more resistant to decryption of protected data but requires more resources. Generally, the longer the key, the stronger the algorithm.

Determine the pre-shared key or the PKI domain the certificate belongs to. For PKI configuration,
refer to PKI in the Firewall WEB.

Complete the following tasks to configure IKE:

Task | Remarks
Configuring a Name for the Local Security Gateway | Optional
Configuring an IKE Proposal | Optional. Required if you want to specify an IKE proposal for an IKE peer to reference.
Configuring an IKE Peer | Required
Setting Keepalive Timers | Optional
Setting the NAT Keepalive Timer | Optional
Configuring a DPD | Optional
Disabling Next Payload Field Checking | Optional

Configuring a Name for the Local Security Gateway

If the IKE negotiation initiator uses the gateway name as its identification for IKE negotiation (that is, the id-type name command is configured on the initiator), you must configure a name for the local security gateway by using the ike local-name command in system view or the local-name command in IKE peer view. If you perform the configuration in both views, the name configured in IKE peer view is used.

Follow these steps to configure a name for the local security gateway:

To do… | Use the command… | Remarks
Enter system view | system-view |
Configure a name for the local security gateway | ike local-name name | Optional. By default, the device name is used as the name of the local security gateway.
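An added audit sketch (not from the H3C manual): it resolves which local gateway name each IKE peer that uses id-type name will present, applying the precedence stated above (IKE peer view, then system view, then the device name). The configuration dump layout, the use of the sysname line as the device name, and all peer and gateway names are assumptions constructed for illustration.

```python
import re

# Constructed sample in the style of a saved device configuration; the section
# layout ("#" separators, indented lines) and every name are assumptions.
SAMPLE_CONFIG = """\
#
 sysname FW-HQ
#
 ike local-name gw-hq
#
ike peer branch1
 id-type name
 local-name gw-hq-b1
#
ike peer branch2
 id-type name
#
ike peer branch3
 remote-address 192.0.2.3
#
"""

def effective_local_names(config):
    """Return {peer: (local_name, source)} for each IKE peer using id-type name."""
    device = system = peer = None
    peers = {}
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"ike peer (\S+)", line):
            peer = m.group(1)                      # entering an IKE peer section
            peers[peer] = {"by_name": False, "local": None}
        elif line == "#" or not line:
            peer = None                            # section separator
        elif peer is None:                         # system-level settings
            if m := re.fullmatch(r"sysname (\S+)", line):
                device = m.group(1)
            elif m := re.fullmatch(r"ike local-name (\S+)", line):
                system = m.group(1)
        elif line == "id-type name":
            peers[peer]["by_name"] = True
        elif m := re.fullmatch(r"local-name (\S+)", line):
            peers[peer]["local"] = m.group(1)
    result = {}
    for name, p in peers.items():
        if p["by_name"]:                           # peer view wins, then system view
            result[name] = ((p["local"], "ike-peer-view") if p["local"] else
                            (system, "system-view") if system else
                            (device, "device-name-default"))
    return result
```

Peers reported with the source device-name-default rely on the implicit default, so the remote end must expect the device name as the gateway identity.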

Configuring an IKE Proposal

An IKE proposal defines a set of attributes describing how IKE negotiation should take place. You may create multiple IKE proposals with different preferences. The preference of an IKE proposal is represented by its sequence number, and the lower the sequence number, the higher the preference.

Two peers must have at least one matching IKE proposal for successful IKE negotiation. During IKE negotiation, the initiator sends its IKE proposals to the peer, and the peer searches its own IKE proposals