H3C Technologies H3C SecPath F1000-E User Manual

6

To do…

Use the command…

Remarks

Specify the IKE proposals for the IKE
peer to reference

proposal
proposal-number&<1-6>

Optional
By default, an IKE peer references
no IKE proposals, and, when

initiating IKE negotiation, it uses

the IKE proposals configured in

system view .

Configure the pre-shared key for
pre-shared key authentication

pre-shared-key [ cipher |
simple ] key

Configure the PKI domain for digital
signature authentication

certificate domain
domain-name

Required
Configure either command
according to the authentication

method for the IKE proposal

Select the ID type in IKE negotiation

phase 1

id-type { ip | name }

Optional
ip by default

Specify a name for
the local security

gateway

local-name name

Specify the
names of the

two ends

Specify a name for
the remote security

gateway

remote-name name

Optional
By default, no name is configured
for the local security gateway in

IKE peer view, and the security

gateway name in system view is
used.

Specify an IP address
for the local gateway local-address ip-address

Specify the IP
addresses of

the two ends

Specify one or more
IP addresses for the

remote gateway

remote-address { hostname
[ dynamic ] | low-ip-address

[ high-ip-address ] }

Optional
By default, it is the primary IP
address of the interface

referencing the security policy.

Enable the NAT traversal function of
IPsec/IKE

nat traversal

Optional
Required when a NAT gateway is

present in the VPN tunnel

constructed by IPsec/IKE
Disabled by default

Set the subnet type of
the local end

local { multi-subnet |
single-subnet }

Set the subnet
types of the

two ends

Set the subnet type of
the peer end

peer { multi-subnet |
single-subnet }

Optional
single-subnet by default
Used only when the device is
interworking with a NETSCREEN

device