beautypg.com

Configuring ike in the web interface, Ike configuration task list, Configuring global ike parameters – H3C Technologies H3C SecPath F1000-E User Manual

Page 136

background image

124

Configuring IKE in the Web interface

IKE configuration task list

Task Remarks

Configuring global IKE parameters

Optional.
Configure the IKE local name and NAT keepalive interval.

Configuring an IKE proposal

This task is required when IKE peers need to specify an IKE proposal.
The firewall has a default IKE proposal that has the lowest preference
with the following default settings:

Pre-shared key as the authentication method.

SHA as the authentication algorithm.

DES-CBC as the encryption algorithm. In FIPS mode, the default

encryption algorithm is AES-CBC-128.

DH group group1. In FIPS mode, the default DH group is group2.

SA lifetime of 86400 seconds.

Configuring IKE DPD

Optional.

Configuring an IKE peer

Required.
Create an IKE peer and configure the related parameters.

IMPORTANT:

If you change the settings of an IKE peer, clear the established IPsec SAs

and ISAKMP SAs on the VPN > IKE > IKE SA and VPN > IPSec > IPSec SA
pages. Otherwise, SA renegotiation fails.

Viewing IKE SAs

Optional.
View the summary information of the current ISAKMP SA.

Configuring global IKE parameters

1.

Select VPN > IKE > Global from the navigation tree.

Figure 82 IKE global configuration page

2.

Configure global IKE parameters as described in

Table 5

.

3.

Click Apply.