H3C Technologies H3C SecPath F1000-E User Manual
Page 150
138
Step Command
Remarks
7.
Configure the names of the
two ends.
a.
Specify a name for the
local security gateway:
local-name name
b.
Configure the name of the
remote security gateway:
remote-name name
Optional.
By default, no name is configured
for the local security gateway in IKE
peer view, and the security
gateway name configured by using
the ike local-name command is
used.
The remote gateway name
configured with remote-name
command on the local gateway
must be identical to the local name
configured with the local-name
command on the peer.
8.
Configure the IP addresses
of the two ends.
a.
Specify an IP address for
the local gateway:
local-address ip-address
b.
Configure the IP addresses
of the remote gateway:
remote-address.{ hostnam
e [ dynamic ] |
low-ip-address
[ high-ip-address ] }
Optional.
By default, it is the primary IP
address of the interface referencing
the security policy.
The remote IP address configured
with the remote-address command
on the local gateway must be
identical to the local IP address
configured with the local-address
command on the peer.
9.
Enable the NAT traversal
function for IPsec/IKE.
nat traversal
This step is required when a NAT
gateway is present in the VPN
tunnel constructed by IPsec/IKE.
Disabled by default.
10.
Set the subnet types of the
two ends.
a.
Set the subnet type of the
local end:
local { multi-subnet |
single-subnet }
b.
Set the subnet type of the
peer end:
peer { multi-subnet |
single-subnet }
Optional.
The default subnet type is
single-subnet.
Used only when the device is
working together with a NetScreen
device.
11.
Apply a DPD detector to the
IKE peer.
dpd dpd-name
Optional.
No DPD detector is applied to an
IKE peer by default. For more
information about DPD
configuration, see "
."
NOTE:
After modifying the configuration of an IPsec IKE peer, execute the reset ipsec sa and reset ike sa
commands to clear existing IPsec and IKE SAs. Otherwise, SA re-negotiation will fail.
- H3C SecPath F5000-A5 Firewall H3C SecPath F1000-A-EI H3C SecPath F1000-E-SI H3C SecPath F1000-S-AI H3C SecPath F5000-S Firewall H3C SecPath F5000-C Firewall H3C SecPath F100-C-SI H3C SecPath F1000-C-SI H3C SecPath F100-A-SI H3C SecBlade FW Cards H3C SecBlade FW Enhanced Cards H3C SecPath U200-A U200-M U200-S H3C SecPath U200-CA U200-CM U200-CS