Disabling next payload field checking, Displaying and maintaining ike, Ike configuration examples – H3C Technologies H3C SecPath F1000-E User Manual
Page 173: Example for configuring ike, Network requirements

Disabling Next Payload Field Checking
The Next payload field is in the generic payload header of the last payload of the IKE negotiation
message (the message comprises multiple payloads). According to the protocol, this field must be 0 if the
payload is the last payload of the packet. However, it may be set to other values on some brands of
devices. For interoperability, disable the checking of this field.
Follow these steps to disable Next payload field checking:
| To do… | Use the command… | Remark |
|---|---|---|
| Enter system view | system-view | — |
| Disable Next payload field checking | ike next-payload check disabled | Required. Enabled by default |
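The check described above, sketched in Python as an added example (it is not H3C code): a walk over the generic payload headers that rejects a non-zero Next payload field in the last payload when checking is on and tolerates it when checking is off, while keeping the payload length checks in both modes. The names walk_payloads, check_next_payload and build_chain are hypothetical, and the sample messages are constructed.

```python
import struct

# Generic payload header (RFC 2408): next payload, reserved, payload length
GENERIC_HDR = struct.Struct("!BBH")

class PayloadError(ValueError):
    """Raised when the payload chain is malformed."""

def walk_payloads(first_type, body, check_next_payload=True):
    """Return [(payload_type, data), ...] for the payloads that follow the
    ISAKMP header. check_next_payload is a hypothetical name for the strict
    behaviour that is enabled by default on the device."""
    payloads, ptype, offset = [], first_type, 0
    while ptype != 0:
        if offset == len(body):
            # Message is exhausted but the last payload named a successor.
            if check_next_payload:
                raise PayloadError("last payload has non-zero Next payload")
            break  # lenient mode: treat end of message as end of chain
        if len(body) - offset < GENERIC_HDR.size:
            raise PayloadError("truncated generic payload header")
        next_type, _reserved, length = GENERIC_HDR.unpack_from(body, offset)
        # Length checks stay mandatory in both modes.
        if length < GENERIC_HDR.size or offset + length > len(body):
            raise PayloadError("payload length out of bounds")
        payloads.append((ptype, body[offset + GENERIC_HDR.size:offset + length]))
        ptype, offset = next_type, offset + length
    if offset != len(body):
        raise PayloadError("trailing bytes after last payload")
    return payloads

def build_chain(items, last_next=0):
    """Build a constructed sample chain from [(payload_type, data), ...]."""
    out = b""
    for i, (_ptype, data) in enumerate(items):
        nxt = items[i + 1][0] if i + 1 < len(items) else last_next
        out += GENERIC_HDR.pack(nxt, 0, GENERIC_HDR.size + len(data)) + data
    return out

# Constructed sample: SA payload (type 1) followed by Vendor ID payload (type 13)
SAMPLE = [(1, b"sa-data"), (13, b"vendor")]
COMPLIANT = build_chain(SAMPLE)               # last Next payload = 0
QUIRKY = build_chain(SAMPLE, last_next=13)    # last Next payload left non-zero

if __name__ == "__main__":
    print(walk_payloads(1, COMPLIANT))
    print(walk_payloads(1, QUIRKY, check_next_payload=False))
```

With checking off, the end of the chain is determined by the message length alone, so a truncated or over-long payload is still rejected.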
Displaying and Maintaining IKE
| To do… | Use the command… | Remarks |
|---|---|---|
| Display IKE DPD information | display ike dpd [ dpd-name ] | Available in any view |
| Display IKE peer information | display ike peer [ peer-name ] | Available in any view |
| Display IKE SA information | display ike sa [ verbose [ connection-id connection-id \| remote-address remote-address ] ] | Available in any view |
| Display IKE proposal information | display ike proposal | Available in any view |
| Clear SAs established by IKE | reset ike sa [ connection-id ] | Available in user view |
IKE Configuration Examples
Example for Configuring IKE
Network requirements
• As shown in , an IPsec tunnel is established through IKE negotiation between gateways Device A and Device B to allow secure communication between Host A and Host B.
• Device A is configured with an IKE proposal using the sequence number of 10 and the authentication algorithm of MD5. Device B has only the default IKE proposal.
• The two devices use the pre-shared key authentication method.