beautypg.com

Configuring ike at the cli, Ike configuration task list, Figure 92 – H3C Technologies H3C SecPath F1000-E User Manual

Page 146

background image

134

Enter 5000 as the SA lifetime.

c.

Click Apply.

Figure 92 Creating an IKE proposal numbered 10

3.

Configuring the IKE peer on Device B:

a.

Select VPN > IKE > Peer from the navigation tree and then click Add.
The IKE peer configuration page appears, as shown in

1.b

.

b.

Perform the following operations on the page:
Enter peer as the peer name.
Select Main as the negotiation mode.
Enter 1.1.1.1 as the remote gateway IP address.
Select Pre-Shared Key and enter abcde as the pre-shared key.

c.

Click Apply.

After you complete the configuration, security gateways Device A and Device B can perform IKE

negotiation. Device A is configured with an IKE proposal numbered 10, which uses the authentication

algorithm of MD5; but Device B has only a default IKE proposal, which uses the default authentication

algorithm of SHA. Device B has no proposal matching proposal 10 of Device A, and the two devices
have only one pair of matched proposals, namely the default IKE proposals. The two devices do not need

to have the same ISAKMP SA lifetime; they will negotiate one.

Configuring IKE at the CLI

IKE configuration task list

Task Remarks

Configuring a name for the local security gateway

Optional.

Configuring an IKE proposal

Required if you want to specify an IKE proposal for an
IKE peer to reference.

Configuring an IKE peer

Required.