Configuring ike in the web interface, Ike configuration task list, Configuring global ike parameters – H3C Technologies H3C SecPath F1000-E User Manual
Page 136
124
Configuring IKE in the Web interface
IKE configuration task list
Task Remarks
Configuring global IKE parameters
Optional.
Configure the IKE local name and NAT keepalive interval.
This task is required when IKE peers need to specify an IKE proposal.
The firewall has a default IKE proposal that has the lowest preference
with the following default settings:
•
Pre-shared key as the authentication method.
•
SHA as the authentication algorithm.
•
DES-CBC as the encryption algorithm. In FIPS mode, the default
encryption algorithm is AES-CBC-128.
•
DH group group1. In FIPS mode, the default DH group is group2.
•
SA lifetime of 86400 seconds.
Optional.
Required.
Create an IKE peer and configure the related parameters.
IMPORTANT:
If you change the settings of an IKE peer, clear the established IPsec SAs
and ISAKMP SAs on the VPN > IKE > IKE SA and VPN > IPSec > IPSec SA
pages. Otherwise, SA renegotiation fails.
Optional.
View the summary information of the current ISAKMP SA.
Configuring global IKE parameters
1.
Select VPN > IKE > Global from the navigation tree.
Figure 82 IKE global configuration page
2.
Configure global IKE parameters as described in
3.
Click Apply.
- H3C SecPath F5000-A5 Firewall H3C SecPath F1000-A-EI H3C SecPath F1000-E-SI H3C SecPath F1000-S-AI H3C SecPath F5000-S Firewall H3C SecPath F5000-C Firewall H3C SecPath F100-C-SI H3C SecPath F1000-C-SI H3C SecPath F100-A-SI H3C SecBlade FW Cards H3C SecBlade FW Enhanced Cards H3C SecPath U200-A U200-M U200-S H3C SecPath U200-CA U200-CM U200-CS