Recommended configuration procedure – H3C Technologies H3C SecPath F1000-E User Manual
4. Apply the IPsec policies to interfaces to finish IPsec configuration.
Recommended configuration procedure
Step Remarks
Required.
Configure ACLs to identify the data flows to be protected by IPsec.
IMPORTANT:
This document introduces only how to reference ACLs in IPsec. To create ACLs,
select Firewall > ACL from the navigation tree. For more information about the
procedure, see Access Control Configuration Guide.
Required.
An IPsec proposal defines a set of security parameters for IPsec SA
negotiation, including the security protocol, encryption and authentication
algorithms, and encapsulation mode.
IMPORTANT:
Changes to an IPsec proposal affect only SAs negotiated after the changes are
made.
Required if you are using an IPsec policy template group to create an IPsec
policy.
An IPsec policy template group is a collection of IPsec policy templates with
the same name but different sequence numbers. In an IPsec policy template
group, an IPsec policy template with a smaller sequence number has a higher
priority.
Required.
Configure an IPsec policy by specifying the parameters directly or using a
created IPsec policy template. The firewall supports only IPsec policies that
use IKE.
An IPsec policy group is a collection of IPsec policies with the same name but
different sequence numbers. The smaller the sequence number, the higher the
priority of the IPsec policy in the policy group.
IMPORTANT:
An IPsec policy referencing a template cannot be used to initiate SA
negotiations but can be used to respond to a negotiation request. The
parameters specified in the IPsec policy template must match those of the remote
end. The parameters not defined in the template are determined by the initiator.
Required.
Apply an IPsec policy group to an interface (logical or physical) to protect
certain data flows.
Optional.
View brief information about established IPsec SAs to verify your
configuration.
Optional.
View packet statistics to verify your configuration.
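The sequence-number priority and the template rules from the remarks above, as an added example that is not part of the manual or of H3C's software. It is a simplified model: the `Entry` class, the parameter names and the "first compatible entry wins" walk are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class Entry:
    seq: int                      # sequence number inside the policy group
    params: dict                  # security parameters this entry fixes
    from_template: bool = False   # True if the policy references a template

def by_priority(group):
    # Smaller sequence number = higher priority.
    return sorted(group, key=lambda e: e.seq)

def pick_initiator(group):
    """Highest-priority entry allowed to start SA negotiation, or None."""
    for e in by_priority(group):
        if not e.from_template:   # template-based policies only respond
            return e
    return None

def respond(group, offer):
    """Return (seq, agreed parameters) for the first compatible entry, or None."""
    for e in by_priority(group):
        if e.from_template:
            # Everything the template defines must match the remote end;
            # whatever it leaves undefined is taken from the initiator.
            ok = all(offer.get(k) == v for k, v in e.params.items())
        else:
            ok = offer == e.params
        if ok:
            return e.seq, dict(offer)
    return None

# Constructed sample data, not taken from the manual.
GROUP = [
    Entry(10, {"protocol": "esp", "encryption": "aes-128",
               "authentication": "sha1", "mode": "tunnel"}),
    Entry(20, {"protocol": "esp", "mode": "tunnel"}, from_template=True),
]
OFFER = {"protocol": "esp", "encryption": "aes-256",
         "authentication": "sha1", "mode": "tunnel"}

if __name__ == "__main__":
    print(pick_initiator(GROUP).seq)
    print(respond(GROUP, OFFER))
    print(respond(GROUP, {**OFFER, "mode": "transport"}))
```

Because the template entry accepts whatever the initiator sends for parameters it leaves undefined, the model makes it easy to see which algorithm choices a template hands to the remote end.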