H3C Technologies H3C SecPath F1000-E User Manual
Page 170

6
To do…
Use the command…
Remarks
Specify the IKE proposals for the IKE
peer to reference
proposal
proposal-number&<1-6>
Optional
By default, an IKE peer references
no IKE proposals, and, when
initiating IKE negotiation, it uses
the IKE proposals configured in
system view .
Configure the pre-shared key for
pre-shared key authentication
pre-shared-key [ cipher |
simple ] key
Configure the PKI domain for digital
signature authentication
certificate domain
domain-name
Required
Configure either command
according to the authentication
method for the IKE proposal
Select the ID type in IKE negotiation
phase 1
id-type { ip | name }
Optional
ip by default
Specify a name for
the local security
gateway
local-name name
Specify the
names of the
two ends
Specify a name for
the remote security
gateway
remote-name name
Optional
By default, no name is configured
for the local security gateway in
IKE peer view, and the security
gateway name in system view is
used.
Specify an IP address
for the local gateway local-address ip-address
Specify the IP
addresses of
the two ends
Specify one or more
IP addresses for the
remote gateway
remote-address { hostname
[ dynamic ] | low-ip-address
[ high-ip-address ] }
Optional
By default, it is the primary IP
address of the interface
referencing the security policy.
Enable the NAT traversal function of
IPsec/IKE
nat traversal
Optional
Required when a NAT gateway is
present in the VPN tunnel
constructed by IPsec/IKE
Disabled by default
Set the subnet type of
the local end
local { multi-subnet |
single-subnet }
Set the subnet
types of the
two ends
Set the subnet type of
the peer end
peer { multi-subnet |
single-subnet }
Optional
single-subnet by default
Used only when the device is
interworking with a NETSCREEN
device